What is the severity of CVE-2012-1573?

CVE-2012-1573 is classified as a moderate severity vulnerability due to parsing issues in record packets of GnuTLS.

How do I fix CVE-2012-1573?

To mitigate CVE-2012-1573, upgrade GnuTLS to version 3.0.15 or later, or apply patches if you're using an affected version.

Which versions of GnuTLS are affected by CVE-2012-1573?

CVE-2012-1573 affects GnuTLS versions up to 2.12.14 and all 2.x versions.

What types of applications are at risk due to CVE-2012-1573?

Any applications using the affected versions of GnuTLS for secure communication may be vulnerable due to this parsing flaw.

Who reported the vulnerability CVE-2012-1573?

CVE-2012-1573 was reported by Matthew Hall.

Vulnerability/
CVE-2012-1573

medium

CWE

310

21/3/2012

26/3/2012

28/8/2023

CVE-2012-1573

First published: Wed Mar 21 2012(Updated: )

GnuTLS 3.0.15 was released fixing the following issue: ** libgnutls: Corrections in record packet parsing. Reported by Matthew Hall. <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912">http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912</a> Patch for 2.x: <a href="http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d">http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d</a> Patch for 3.x: <a href="http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b495740f2ff66550ca9395b3fda3ea32c3acb185">http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b495740f2ff66550ca9395b3fda3ea32c3acb185</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNU GnuTLS	<=2.12.16
GNU GnuTLS	=2.0.0
GNU GnuTLS	=2.0.1
GNU GnuTLS	=2.0.2
GNU GnuTLS	=2.0.3
GNU GnuTLS	=2.0.4
GNU GnuTLS	=2.1.0
GNU GnuTLS	=2.1.1
GNU GnuTLS	=2.1.2
GNU GnuTLS	=2.1.3
GNU GnuTLS	=2.1.4
GNU GnuTLS	=2.1.5
GNU GnuTLS	=2.1.6
GNU GnuTLS	=2.1.7
GNU GnuTLS	=2.1.8
GNU GnuTLS	=2.2.0
GNU GnuTLS	=2.2.1
GNU GnuTLS	=2.2.2
GNU GnuTLS	=2.2.3
GNU GnuTLS	=2.2.4
GNU GnuTLS	=2.2.5
GNU GnuTLS	=2.3.0
GNU GnuTLS	=2.3.1
GNU GnuTLS	=2.3.2
GNU GnuTLS	=2.3.3
GNU GnuTLS	=2.3.4
GNU GnuTLS	=2.3.5
GNU GnuTLS	=2.3.6
GNU GnuTLS	=2.3.7
GNU GnuTLS	=2.3.8
GNU GnuTLS	=2.3.9
GNU GnuTLS	=2.3.10
GNU GnuTLS	=2.3.11
GNU GnuTLS	=2.4.0
GNU GnuTLS	=2.4.1
GNU GnuTLS	=2.4.2
GNU GnuTLS	=2.4.3
GNU GnuTLS	=2.5.0
GNU GnuTLS	=2.6.0
GNU GnuTLS	=2.6.1
GNU GnuTLS	=2.6.2
GNU GnuTLS	=2.6.3
GNU GnuTLS	=2.6.4
GNU GnuTLS	=2.6.5
GNU GnuTLS	=2.6.6
GNU GnuTLS	=2.7.4
GNU GnuTLS	=2.8.0
GNU GnuTLS	=2.8.1
GNU GnuTLS	=2.8.2
GNU GnuTLS	=2.8.3
GNU GnuTLS	=2.8.4
GNU GnuTLS	=2.8.5
GNU GnuTLS	=2.8.6
GNU GnuTLS	=2.10.0
GNU GnuTLS	=2.10.1
GNU GnuTLS	=2.10.2
GNU GnuTLS	=2.10.3
GNU GnuTLS	=2.10.4
GNU GnuTLS	=2.10.5
GNU GnuTLS	=2.12.0
GNU GnuTLS	=2.12.1
GNU GnuTLS	=2.12.2
GNU GnuTLS	=2.12.3
GNU GnuTLS	=2.12.4
GNU GnuTLS	=2.12.5
GNU GnuTLS	=2.12.6
GNU GnuTLS	=2.12.6.1
GNU GnuTLS	=2.12.7
GNU GnuTLS	=2.12.8
GNU GnuTLS	=2.12.9
GNU GnuTLS	=2.12.10
GNU GnuTLS	=2.12.11
GNU GnuTLS	=2.12.12
GNU GnuTLS	=2.12.13
GNU GnuTLS	=2.12.14
GNU GnuTLS	=2.12.15
GNU GnuTLS	=3.0
GNU GnuTLS	=3.0.0
GNU GnuTLS	=3.0.1
GNU GnuTLS	=3.0.2
GNU GnuTLS	=3.0.3
GNU GnuTLS	=3.0.4
GNU GnuTLS	=3.0.5
GNU GnuTLS	=3.0.6
GNU GnuTLS	=3.0.7
GNU GnuTLS	=3.0.8
GNU GnuTLS	=3.0.9
GNU GnuTLS	=3.0.10
GNU GnuTLS	=3.0.11
GNU GnuTLS	=3.0.12
GNU GnuTLS	=3.0.13
GNU GnuTLS	=3.0.14

Remedy

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d

Remedy

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1573?
CVE-2012-1573 is classified as a moderate severity vulnerability due to parsing issues in record packets of GnuTLS.
How do I fix CVE-2012-1573?
To mitigate CVE-2012-1573, upgrade GnuTLS to version 3.0.15 or later, or apply patches if you're using an affected version.
Which versions of GnuTLS are affected by CVE-2012-1573?
CVE-2012-1573 affects GnuTLS versions up to 2.12.14 and all 2.x versions.
What types of applications are at risk due to CVE-2012-1573?
Any applications using the affected versions of GnuTLS for secure communication may be vulnerable due to this parsing flaw.
Who reported the vulnerability CVE-2012-1573?
CVE-2012-1573 was reported by Matthew Hall.

collector/redhat-bugzilla
alias/CVE-2012-1573
agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/last-modified-date
agent/remedy
agent/first-publish-date
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu gnutls
version/gnu gnutls/2.12.16
version/gnu gnutls/2.0.0
version/gnu gnutls/2.0.1
version/gnu gnutls/2.0.2
version/gnu gnutls/2.0.3
version/gnu gnutls/2.0.4
version/gnu gnutls/2.1.0
version/gnu gnutls/2.1.1
version/gnu gnutls/2.1.2
version/gnu gnutls/2.1.3
version/gnu gnutls/2.1.4
version/gnu gnutls/2.1.5
version/gnu gnutls/2.1.6
version/gnu gnutls/2.1.7
version/gnu gnutls/2.1.8
version/gnu gnutls/2.2.0
version/gnu gnutls/2.2.1
version/gnu gnutls/2.2.2
version/gnu gnutls/2.2.3
version/gnu gnutls/2.2.4
version/gnu gnutls/2.2.5
version/gnu gnutls/2.3.0
version/gnu gnutls/2.3.1
version/gnu gnutls/2.3.2
version/gnu gnutls/2.3.3
version/gnu gnutls/2.3.4
version/gnu gnutls/2.3.5
version/gnu gnutls/2.3.6
version/gnu gnutls/2.3.7
version/gnu gnutls/2.3.8
version/gnu gnutls/2.3.9
version/gnu gnutls/2.3.10
version/gnu gnutls/2.3.11
version/gnu gnutls/2.4.0
version/gnu gnutls/2.4.1
version/gnu gnutls/2.4.2
version/gnu gnutls/2.4.3
version/gnu gnutls/2.5.0
version/gnu gnutls/2.6.0
version/gnu gnutls/2.6.1
version/gnu gnutls/2.6.2
version/gnu gnutls/2.6.3
version/gnu gnutls/2.6.4
version/gnu gnutls/2.6.5
version/gnu gnutls/2.6.6
version/gnu gnutls/2.7.4
version/gnu gnutls/2.8.0
version/gnu gnutls/2.8.1
version/gnu gnutls/2.8.2
version/gnu gnutls/2.8.3
version/gnu gnutls/2.8.4
version/gnu gnutls/2.8.5
version/gnu gnutls/2.8.6
version/gnu gnutls/2.10.0
version/gnu gnutls/2.10.1
version/gnu gnutls/2.10.2
version/gnu gnutls/2.10.3
version/gnu gnutls/2.10.4
version/gnu gnutls/2.10.5
version/gnu gnutls/2.12.0
version/gnu gnutls/2.12.1
version/gnu gnutls/2.12.2
version/gnu gnutls/2.12.3
version/gnu gnutls/2.12.4
version/gnu gnutls/2.12.5
version/gnu gnutls/2.12.6
version/gnu gnutls/2.12.6.1
version/gnu gnutls/2.12.7
version/gnu gnutls/2.12.8
version/gnu gnutls/2.12.9
version/gnu gnutls/2.12.10
version/gnu gnutls/2.12.11
version/gnu gnutls/2.12.12
version/gnu gnutls/2.12.13
version/gnu gnutls/2.12.14
version/gnu gnutls/2.12.15
version/gnu gnutls/3.0
version/gnu gnutls/3.0.0
version/gnu gnutls/3.0.1
version/gnu gnutls/3.0.2
version/gnu gnutls/3.0.3
version/gnu gnutls/3.0.4
version/gnu gnutls/3.0.5
version/gnu gnutls/3.0.6
version/gnu gnutls/3.0.7
version/gnu gnutls/3.0.8
version/gnu gnutls/3.0.9
version/gnu gnutls/3.0.10
version/gnu gnutls/3.0.11
version/gnu gnutls/3.0.12
version/gnu gnutls/3.0.13
version/gnu gnutls/3.0.14

CVE-2012-1573

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1573?

How do I fix CVE-2012-1573?

Which versions of GnuTLS are affected by CVE-2012-1573?

What types of applications are at risk due to CVE-2012-1573?

Who reported the vulnerability CVE-2012-1573?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-1573?

How do I fix CVE-2012-1573?

Which versions of GnuTLS are affected by CVE-2012-1573?

What types of applications are at risk due to CVE-2012-1573?

Who reported the vulnerability CVE-2012-1573?