Vulnerabilities > CVE-2012-1663 - Resource Management Errors vulnerability in GNU Gnutls

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
gnu
CWE-399
nessus
exploit available

Summary

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

Vulnerable Configurations

Part Description Count
Application
Gnu
182

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionGnuTLS libgnutls Double-free Certificate List Parsing Remote DoS. CVE-2012-1663. Dos exploit for linux platform
fileexploits/linux/dos/24865.txt
idEDB-ID:24865
last seen2016-02-03
modified2013-03-22
platformlinux
port
published2013-03-22
reporterShawn the R0ck
sourcehttps://www.exploit-db.com/download/24865/
titleGnuTLS libgnutls Double-free Certificate List Parsing Remote DoS
typedos

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-277.NASL
    description3 vulnerabilities were discovered for the gnutls packages in openSUSE version 12.1.
    last seen2020-06-05
    modified2014-06-13
    plugin id74627
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74627
    titleopenSUSE Security Update : gnutls (openSUSE-SU-2012:0620-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-110.NASL
    description - fix gnutls double free (bnc#752193, CVE-2012-1663.patch)
    last seen2020-06-05
    modified2014-06-13
    plugin id74886
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74886
    titleopenSUSE Security Update : gnutls (openSUSE-SU-2013:0283-1)

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:78552
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-78552
titleGnuTLS libgnutls Double-free Certificate List Parsing Remote DoS