fkie_nvd - fkie_cve-2012-0390

fkie_cve-2012-0390

Vulnerability from fkie_nvd

Published

2012-01-06 01:55

Modified

2025-04-11 00:51

Severity ?

Summary

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

References

	URL	Tags
	cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
	cve@mitre.org	http://secunia.com/advisories/57260
	cve@mitre.org	http://www.isg.rhul.ac.uk/~kp/dtls.pdf
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57260
	af854a3a-2127-422b-91ae-364da2661108	http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Impacted products

Vendor	Product	Version
gnu	gnutls	*
gnu	gnutls	2.2.4
gnu	gnutls	2.2.5
gnu	gnutls	2.4.0
gnu	gnutls	2.4.1
gnu	gnutls	2.4.2
gnu	gnutls	2.4.3
gnu	gnutls	2.6.0
gnu	gnutls	2.6.1
gnu	gnutls	2.6.2
gnu	gnutls	2.6.3
gnu	gnutls	2.6.4
gnu	gnutls	2.6.5
gnu	gnutls	2.6.6
gnu	gnutls	2.8.0
gnu	gnutls	2.8.1
gnu	gnutls	2.8.2
gnu	gnutls	2.8.3
gnu	gnutls	2.8.4
gnu	gnutls	2.8.5
gnu	gnutls	2.8.6
gnu	gnutls	2.10.0
gnu	gnutls	2.10.1
gnu	gnutls	2.10.1-x86
gnu	gnutls	2.10.2
gnu	gnutls	2.10.2-x86
gnu	gnutls	2.10.3
gnu	gnutls	2.10.4
gnu	gnutls	2.10.5
gnu	gnutls	2.10.5-x86
gnu	gnutls	2.12.0
gnu	gnutls	2.12.1
gnu	gnutls	2.12.2
gnu	gnutls	2.12.3
gnu	gnutls	2.12.4
gnu	gnutls	2.12.5
gnu	gnutls	2.12.6
gnu	gnutls	2.12.6.1
gnu	gnutls	2.12.7
gnu	gnutls	2.12.8
gnu	gnutls	2.12.9
gnu	gnutls	2.12.10
gnu	gnutls	2.12.11
gnu	gnutls	2.12.12
gnu	gnutls	2.12.13
gnu	gnutls	2.12.14
gnu	gnutls	3.0.0
gnu	gnutls	3.0.1
gnu	gnutls	3.0.2
gnu	gnutls	3.0.3
gnu	gnutls	3.0.4
gnu	gnutls	3.0.5
gnu	gnutls	3.0.6
gnu	gnutls	3.0.7
gnu	gnutls	3.0.8
gnu	gnutls	3.0.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E54287A-6374-462C-B4AC-843298ED3E1C",
              "versionEndIncluding": "3.0.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1-x86:*:*:*:*:*:*:*",
              "matchCriteriaId": "C679AA53-3BFF-419B-968F-19C285920049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2-x86:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E776B44-557C-491C-88B2-A2B757E6D4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5-x86:*:*:*:*:*:*:*",
              "matchCriteriaId": "C10EE9B1-2B6B-47B1-A153-CC296385BB9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n DTLS en GnuTLS v3.0.10 y anteriores ejecuta codigo de gestion de errores s\u00f3lo si existe una relaci\u00f3n espec\u00edfica entre la longitud de relleno y el tama\u00f1o del texto cifrado, lo que facilita a los atacantes remotos a la hora de recuperar parte del texto a trav\u00e9s de un ataque de temporizacion en canal fisico. Se trata deproblema relacionado con CVE-2011-4108."
    }
  ],
  "id": "CVE-2012-0390",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-06T01:55:01.080",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57260"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-0390 (GCVE-0-2012-0390)

Vulnerability from cvelistv5

Published

2012-01-06 01:00