Vulnerabilities > CVE-2019-15523 - Unchecked Return Value vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

linbit

debian

CWE-252

NVD

Published: 2020-12-30

Updated: 2021-01-04

Summary

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

Vulnerable Configurations

Part	Description	Count
Application	Linbit Linbit Csync2 - Linbit Csync2 1.34 Linbit Csync2 2.0	3
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-252 - Unchecked Return Value

References

https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html