Description
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57260
Various Sources x_refsource_misc
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Scores
EPSS
0.0026
EPSS Percentile
49.5%
Details
CWE
CWE-310
Status
published
Products (50)
gnu/gnutls
2.2.4
gnu/gnutls
2.2.5
gnu/gnutls
2.4.0
gnu/gnutls
2.4.1
gnu/gnutls
2.4.2
gnu/gnutls
2.4.3
gnu/gnutls
2.6.0
gnu/gnutls
2.6.1
gnu/gnutls
2.6.2
gnu/gnutls
2.6.3
... and 40 more
Published
Jan 06, 2012
Tracked Since
Feb 18, 2026