What is CVE-2015-8313?

CVE-2015-8313 is a medium-severity software vulnerability (CWE-203) with a CVSS score of 5.9. GnuTLS incorrectly validates the first byte of padding in CBC modes

Is CVE-2015-8313 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 2%.

What products does CVE-2015-8313 affect?

Tracked products affected include GnuTLS. Check the version you run to see whether it is affected.

How do I fix CVE-2015-8313?

Apply the vendor fix in your normal patch cycle. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2015-8313

MEDIUM severity · CVSS 5.9 · CWE-203

5.9CVSS MEDIUM

Summary

GnuTLS incorrectly validates the first byte of padding in CBC modes

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)2%

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products we track (1)

GnuTLS

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313 ↗

Additional information

NVD record
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313Patch
http://www.debian.org/security/2015/dsa-3408Advisory
http://www.securityfocus.com/archive/1/537012/100/0/threadedAdvisory
http://www.securityfocus.com/bid/78327Advisory
https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.htmlAdvisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313Advisory
https://security-tracker.debian.org/tracker/CVE-2015-8313Advisory