Wind River Support Network

HomeDefectsLIN6-5129

Fixed

LIN6-5129 : Security Advisory - gnutls - CVE-2013-2116

Created: Jul 15, 2013 Updated: Dec 3, 2018

Resolved Date: Dec 17, 2013

Previous ID: LIN3-23055

Found In Version: 6.0

Fix Version: 6.0.0.2

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length.  NOTE: this might be due to an incorrect fix for CVE-2013-0169.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2116

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads

Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38