Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: GnuTLS TLS record handling issue / MU-201202-01
From: Stefan Cornelius <scorneli () redhat com>
Date: Wed, 21 Mar 2012 12:32:59 +0100


Correcting myself as more details about the GnuTLS case were revealed:
GnuTLS needs a CVE after all, for another issue different from

Quoting the Mu Dynamics advisory [1]:

The block cipher decryption logic in GnuTLS assumed that a record
containing any data which was a multiple of the block size was valid for
further decryption processing, leading to a heap corruption vulnerability.

The bug can be reproduced in GnuTLS 3.0.14 by creating a corrupt
GenericBlockCipher struct with a valid IV, while everything else is
stripped off the end, while the handshake message length retains its
original value: [...]

This will cause a segmentation fault, when the ciphertext_to_compressed
function tries to give decrypted data to _gnutls_auth_cipher_add_auth
for HMAC verification, even though the data length is invalid, and it
should have returned GNUTLS_E_DECRYPTION_FAILED or
_gnutls_auth_cipher_add_auth was called.

NOTE: This CVE request is only for the GnuTLS TLS record handling issue
/ MU-201202-01. When looking at the release notes [2] and [3], there are
other issues that may be worthy of a CVE, but are currently still under

** libgnutls: Eliminate double free during SRP
authentication. Reported by Peter Penzov.

** libgnutls: PKCS #11 objects that do not have ID
no longer crash listing. Reported by Sven Geggus.

-- References --

[1] Mu Dynamics:

[2] GnuTLS 3.0.15 release announcement:

[3] GnuTLS 2.12.17 release announcement:

[4] GNUTLS-SA-2012-2:

[5] Red Hat bug:

Thanks and kind regards,
Stefan Cornelius / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]