GnuTLS.gnutls_handshake.Information.Disclosure

description-logoDescription

This indicates an attack attempt against an Information Disclosure vulnerability in GnuTLS.
The vulnerability is due to insufficient input validation in the application when handling a crafted SSL packet. A remote attacker can exploit this to gain unauthorized access to sensitive information via the crafted SSL request.

affected-products-logoAffected Products

gnutls prior to 3.1.25
gnutls prior to 3.2.15
gnutls prior to 3.3.3

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.gnutls.org/security.html#GNUTLS-SA-2014-3

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)