Back to search
CVE-2012-0390
Published: Jan 6, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
57260
third-party-advisory
x_refsource_SECUNIA
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
x_refsource_MISC
SUSE-SU-2014:0320
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now