FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- possible overflow/Denial of service vulnerabilities

Affected packages
gnutls < 2.12.18
2.99 < gnutls-devel < 3.0.15

Details

VuXML ID aecee357-739e-11e1-a883-001cc0a36e12
Discovery 2012-03-20
Entry 2012-03-21
Modified 2012-03-24

Mu Dynamics, Inc. reports:

The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability.

References

CVE Name CVE-2012-1573