Description
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html
Scores
CVSS v3
5.3
EPSS
0.0131
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-252
Status
published
Products (2)
debian/debian_linux
9.0
linbit/csync2
< 2.0
Published
Dec 30, 2020
Tracked Since
Feb 18, 2026