ALAS-2012-059 --- gnutlsID: oval:org.secpod.oval:def:1601280 | Date: (C)2020-11-27 (M)2023-11-10 |
Class: PATCH | Family: unix |
A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data before checking the real size of the session data provided by the server
Platform: |
Amazon Linux AMI |