CVE-2015-8313

moderate-risk

Published 2019-12-20

GnuTLS incorrectly validates the first byte of padding in CBC modes

Do I need to act?

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Gnutls

Debian Linux

Debian Gnu

Third Party Advisory http://www.debian.org/security/2015/dsa-3408

Third Party Advisory http://www.securityfocus.com/archive/1/537012/100/0/threaded

Third Party Advisory http://www.securityfocus.com/bid/78327

Third Party Advisory https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions....

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313

Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2015-8313

Third Party Advisory http://www.debian.org/security/2015/dsa-3408

Third Party Advisory http://www.securityfocus.com/archive/1/537012/100/0/threaded

Third Party Advisory http://www.securityfocus.com/bid/78327

Third Party Advisory https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions....

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313

Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2015-8313

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 12/34 · Low