CVE-2019-15523

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

Ссылки

https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html
Mailing List
Third Party Advisory
https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linbit:csync2:*:*:*:*:*:*:*:*

Версия до 2.0 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.0067

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-252

Связанные уязвимости

CVE-2019-15523

CVSS3: 5.3

ubuntu

около 5 лет назад

CVE-2019-15523

CVSS3: 5.3

debian

около 5 лет назад

An issue was discovered in LINBIT csync2 through 2.0. It does not corr ...

GHSA-hw3p-w63h-mj9c

github

больше 3 лет назад

openSUSE-SU-2021:0853-1

suse-cvrf

больше 4 лет назад

Security update for csync2

SUSE-SU-2021:1952-1

suse-cvrf

больше 4 лет назад

Security update for csync2

EPSS

Процентиль: 71%

0.0067

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-252