Bug 1287572 (CVE-2015-8313) - CVE-2015-8313 gnutls: First byte of the padding in CBC mode is not checked
Summary: CVE-2015-8313 gnutls: First byte of the padding in CBC mode is not checked
Alias: CVE-2015-8313
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Blocks: 1287573
TreeView+ depends on / blocked
Reported: 2015-12-02 11:23 UTC by Adam Mariš
Modified: 2019-09-29 13:40 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-12-02 12:56:26 UTC

Attachments (Terms of Use)
Patch extracted from Debian packages gnutls26-2.12.20-8+deb7u4 (764 bytes, text/plain)
2015-12-02 12:53 UTC, Tomas Hoger
no flags Details

Description Adam Mariš 2015-12-02 11:23:09 UTC
It was discovered that gnutls incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. Affected are older versions of gnutls (2.x).

Public via:


Comment 1 Nikos Mavrogiannopoulos 2015-12-02 12:02:27 UTC
This bug does not affect RHEL-6 or RHEL-7. They have been patched with the proper fixes for Lucky13 which included the fix for that issue.

Comment 2 Nikos Mavrogiannopoulos 2015-12-02 12:04:21 UTC
It doesn't affect RHEL-5 either.

Comment 3 Tomas Hoger 2015-12-02 12:49:59 UTC
Details of this issue can be found in the Hanno Böck's blog post:


Here is also the original Ubuntu bug report:


Comment 4 Tomas Hoger 2015-12-02 12:53:10 UTC
Created attachment 1101466 [details]
Patch extracted from Debian packages gnutls26-2.12.20-8+deb7u4

Comment 5 Tomas Hoger 2015-12-02 12:56:26 UTC
The GnuTLS version of Lucky13 got CVE-2013-1619 (bug 908238) and got corrected in Red Hat Enterprise Linux 5 and 6.  As noted above, the fix used addressed Lucky13 without leaving this small problem in.

Note You need to log in before you can comment on or make changes to this bug.