CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15523

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html
https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html

Products affected by CVE-2019-15523

Linbit » Csync2 » Version: N/A

cpe:2.3:a:linbit:csync2:-
Linbit » Csync2 » Version: 1.34

cpe:2.3:a:linbit:csync2:1.34
Linbit » Csync2 » Version: 2.0

cpe:2.3:a:linbit:csync2:2.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15523

Products

Pricing

Contact Us