CVE Vulnerabilities

CVE-2012-0390

Published: Jan 06, 2012 | Modified: Mar 26, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

Affected Software

Name Vendor Start Version End Version
Gnutls Gnu 2.10.2 2.10.2
Gnutls Gnu 2.8.3 2.8.3
Gnutls Gnu 3.0.3 3.0.3
Gnutls Gnu 2.12.2 2.12.2
Gnutls Gnu 3.0.9 3.0.9
Gnutls Gnu 2.6.1 2.6.1
Gnutls Gnu 3.0.6 3.0.6
Gnutls Gnu 2.2.4 2.2.4
Gnutls Gnu 3.0.8 3.0.8
Gnutls Gnu 2.12.7 2.12.7
Gnutls Gnu 2.12.5 2.12.5
Gnutls Gnu 2.2.5 2.2.5
Gnutls Gnu 2.8.5 2.8.5
Gnutls Gnu 2.10.5-x86 2.10.5-x86
Gnutls Gnu 2.10.4 2.10.4
Gnutls Gnu 2.6.0 2.6.0
Gnutls Gnu 2.8.0 2.8.0
Gnutls Gnu 2.12.14 2.12.14
Gnutls Gnu 2.12.8 2.12.8
Gnutls Gnu 3.0.0 3.0.0
Gnutls Gnu 2.4.3 2.4.3
Gnutls Gnu 2.6.2 2.6.2
Gnutls Gnu 2.10.1 2.10.1
Gnutls Gnu 2.12.6.1 2.12.6.1
Gnutls Gnu 2.12.0 2.12.0
Gnutls Gnu 2.12.10 2.12.10
Gnutls Gnu 2.6.3 2.6.3
Gnutls Gnu 2.6.6 2.6.6
Gnutls Gnu 2.12.6 2.12.6
Gnutls Gnu 2.10.3 2.10.3
Gnutls Gnu 2.4.0 2.4.0
Gnutls Gnu 2.8.6 2.8.6
Gnutls Gnu 2.4.1 2.4.1
Gnutls Gnu 2.12.9 2.12.9
Gnutls Gnu * 3.0.10
Gnutls Gnu 3.0.7 3.0.7
Gnutls Gnu 2.10.5 2.10.5
Gnutls Gnu 3.0.2 3.0.2
Gnutls Gnu 2.6.5 2.6.5
Gnutls Gnu 2.8.2 2.8.2
Gnutls Gnu 2.12.13 2.12.13
Gnutls Gnu 2.10.1-x86 2.10.1-x86
Gnutls Gnu 2.4.2 2.4.2
Gnutls Gnu 2.10.2-x86 2.10.2-x86
Gnutls Gnu 3.0.5 3.0.5
Gnutls Gnu 2.6.4 2.6.4
Gnutls Gnu 2.12.12 2.12.12
Gnutls Gnu 2.12.3 2.12.3
Gnutls Gnu 2.12.4 2.12.4
Gnutls Gnu 2.8.1 2.8.1
Gnutls Gnu 2.12.11 2.12.11
Gnutls Gnu 2.12.1 2.12.1
Gnutls Gnu 3.0.1 3.0.1
Gnutls Gnu 2.10.0 2.10.0
Gnutls Gnu 3.0.4 3.0.4
Gnutls Gnu 2.8.4 2.8.4

References