QwikSec

Security Database

CVE

CWE

Training

CVE-2008-1948

Published: May 21, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

SUSE-SA:2008:046

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

[oss-security] 20080520 Re: CVE ID request: GNUTLS

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

20080520 Vulnerability Advisory on GnuTLS

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_REDHAT

20080522 rPSA-2008-0174-1 gnutls

mailing-list

x_refsource_BUGTRAQ

gnutls-gnutlsservernamerecvparams-bo(42532)

vdb-entry

x_refsource_XF

[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

mailing-list

x_refsource_MLIST

http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

FEDORA-2008-4274

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

[oss-security] 20080520 Re: CVE ID request: GNUTLS

mailing-list

x_refsource_MLIST

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20080520 Re: CVE ID request: GNUTLS

mailing-list

x_refsource_MLIST

FEDORA-2008-4259

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SREASON

https://issues.rpath.com/browse/RPL-2552

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

x_refsource_CONFIRM

oval:org.mitre.oval:def:10935

vdb-entry

signature

x_refsource_OVAL

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

x_refsource_MISC

FEDORA-2008-4183

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_MANDRIVA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.