What is the severity of CVE-2012-0390?

CVE-2012-0390 has a medium severity rating due to its potential to allow remote attackers to recover partial plaintext using a timing side-channel attack.

How can I fix CVE-2012-0390?

To fix CVE-2012-0390, upgrade your GnuTLS implementation to version 3.0.11 or later, where the vulnerability has been addressed.

Which versions of GnuTLS are affected by CVE-2012-0390?

CVE-2012-0390 affects GnuTLS versions 3.0.10 and earlier, along with several versions in the 2.x series.

What is a timing side-channel attack in the context of CVE-2012-0390?

A timing side-channel attack exploits variations in processing time to glean sensitive information, such as parts of the plaintext.

How do I determine if my system is vulnerable to CVE-2012-0390?

You can determine if your system is vulnerable to CVE-2012-0390 by checking the version of GnuTLS installed and comparing it against the vulnerable versions.

Vulnerability/
CVE-2012-0390

medium

4.3

CWE

310

6/1/2012

6/8/2024

CVE-2012-0390

First published: Fri Jan 06 2012(Updated: )

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GnuTLS	<=3.0.10
GnuTLS	=2.2.4
GnuTLS	=2.2.5
GnuTLS	=2.4.0
GnuTLS	=2.4.1
GnuTLS	=2.4.2
GnuTLS	=2.4.3
GnuTLS	=2.6.0
GnuTLS	=2.6.1
GnuTLS	=2.6.2
GnuTLS	=2.6.3
GnuTLS	=2.6.4
GnuTLS	=2.6.5
GnuTLS	=2.6.6
GnuTLS	=2.8.0
GnuTLS	=2.8.1
GnuTLS	=2.8.2
GnuTLS	=2.8.3
GnuTLS	=2.8.4
GnuTLS	=2.8.5
GnuTLS	=2.8.6
GnuTLS	=2.10.0
GnuTLS	=2.10.1
GnuTLS	=2.10.1-x86
GnuTLS	=2.10.2
GnuTLS	=2.10.2-x86
GnuTLS	=2.10.3
GnuTLS	=2.10.4
GnuTLS	=2.10.5
GnuTLS	=2.10.5-x86
GnuTLS	=2.12.0
GnuTLS	=2.12.1
GnuTLS	=2.12.2
GnuTLS	=2.12.3
GnuTLS	=2.12.4
GnuTLS	=2.12.5
GnuTLS	=2.12.6
GnuTLS	=2.12.6.1
GnuTLS	=2.12.7
GnuTLS	=2.12.8
GnuTLS	=2.12.9
GnuTLS	=2.12.10
GnuTLS	=2.12.11
GnuTLS	=2.12.12
GnuTLS	=2.12.13
GnuTLS	=2.12.14
GnuTLS	=3.0.0
GnuTLS	=3.0.1
GnuTLS	=3.0.2
GnuTLS	=3.0.3
GnuTLS	=3.0.4
GnuTLS	=3.0.5
GnuTLS	=3.0.6
GnuTLS	=3.0.7
GnuTLS	=3.0.8
GnuTLS	=3.0.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0390?
CVE-2012-0390 has a medium severity rating due to its potential to allow remote attackers to recover partial plaintext using a timing side-channel attack.
How can I fix CVE-2012-0390?
To fix CVE-2012-0390, upgrade your GnuTLS implementation to version 3.0.11 or later, where the vulnerability has been addressed.
Which versions of GnuTLS are affected by CVE-2012-0390?
CVE-2012-0390 affects GnuTLS versions 3.0.10 and earlier, along with several versions in the 2.x series.
What is a timing side-channel attack in the context of CVE-2012-0390?
A timing side-channel attack exploits variations in processing time to glean sensitive information, such as parts of the plaintext.
How do I determine if my system is vulnerable to CVE-2012-0390?
You can determine if your system is vulnerable to CVE-2012-0390 by checking the version of GnuTLS installed and comparing it against the vulnerable versions.

agent/type
agent/author
agent/references
agent/weakness
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnutls
version/gnutls/3.0.10
version/gnutls/2.2.4
version/gnutls/2.2.5
version/gnutls/2.4.0
version/gnutls/2.4.1
version/gnutls/2.4.2
version/gnutls/2.4.3
version/gnutls/2.6.0
version/gnutls/2.6.1
version/gnutls/2.6.2
version/gnutls/2.6.3
version/gnutls/2.6.4
version/gnutls/2.6.5
version/gnutls/2.6.6
version/gnutls/2.8.0
version/gnutls/2.8.1
version/gnutls/2.8.2
version/gnutls/2.8.3
version/gnutls/2.8.4
version/gnutls/2.8.5
version/gnutls/2.8.6
version/gnutls/2.10.0
version/gnutls/2.10.1
version/gnutls/2.10.1-x86
version/gnutls/2.10.2
version/gnutls/2.10.2-x86
version/gnutls/2.10.3
version/gnutls/2.10.4
version/gnutls/2.10.5
version/gnutls/2.10.5-x86
version/gnutls/2.12.0
version/gnutls/2.12.1
version/gnutls/2.12.2
version/gnutls/2.12.3
version/gnutls/2.12.4
version/gnutls/2.12.5
version/gnutls/2.12.6
version/gnutls/2.12.6.1
version/gnutls/2.12.7
version/gnutls/2.12.8
version/gnutls/2.12.9
version/gnutls/2.12.10
version/gnutls/2.12.11
version/gnutls/2.12.12
version/gnutls/2.12.13
version/gnutls/2.12.14
version/gnutls/3.0.0
version/gnutls/3.0.1
version/gnutls/3.0.2
version/gnutls/3.0.3
version/gnutls/3.0.4
version/gnutls/3.0.5
version/gnutls/3.0.6
version/gnutls/3.0.7
version/gnutls/3.0.8
version/gnutls/3.0.9