CVE-2019-15523

MEDIUM

LINBIT csync2 <2.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

References (2)

[Patch, Third Party Advisory] https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html

Scores

CVSS v3 5.3

EPSS 0.0067

EPSS Percentile 71.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-252

Status published

Affected Products (2)

linbit/csync2 < 2.0

debian/debian_linux

Timeline

Published Dec 30, 2020

Tracked Since Feb 18, 2026