<p>Upgrade <code>Debian:10</code> <code>gnutls28</code> to version 3.0.22-3 or higher.</p>

Cryptographic Issues Affecting gnutls28 package, versions <3.0.22-3

Snyk CVSS

Attack Complexity High

Threat Intelligence

EPSS 0.45% (75^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN10-GNUTLS28-340767
published 8 Feb 2013
disclosed 8 Feb 2013

Report a new vulnerability Found a mistake?

Introduced: 8 Feb 2013

CVE-2013-1619 Open this link in a new tab CWE-310 Open this link in a new tab

How to fix?

Upgrade Debian:10 gnutls28 to version 3.0.22-3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.