CVE-2008-1949
Published: May 21, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| 30331 | third-party-advisory | x_refsource_SECUNIA |
| oval:org.mitre.oval:def:9519 | vdb-entry, signature | x_refsource_OVAL |
| 31939 | third-party-advisory | x_refsource_SECUNIA |
| USN-613-1 | vendor-advisory | x_refsource_UBUNTU |
| SUSE-SA:2008:046 | vendor-advisory | x_refsource_SUSE |
| RHSA-2008:0492 | vendor-advisory | x_refsource_REDHAT |
| [oss-security] 20080520 Re: CVE ID request: GNUTLS | mailing-list | x_refsource_MLIST |
| GLSA-200805-20 | vendor-advisory | x_refsource_GENTOO |
| 30355 | third-party-advisory | x_refsource_SECUNIA |
| 30317 | third-party-advisory | x_refsource_SECUNIA |
| 20080520 Vulnerability Advisory on GnuTLS | mailing-list | x_refsource_BUGTRAQ |
| RHSA-2008:0489 | vendor-advisory | x_refsource_REDHAT |
| 20080522 rPSA-2008-0174-1 gnutls | mailing-list | x_refsource_BUGTRAQ |
| [gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] | mailing-list | x_refsource_MLIST |
| 30324 | third-party-advisory | x_refsource_SECUNIA |
| 30302 | third-party-advisory | x_refsource_SECUNIA |
| [gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] | mailing-list | x_refsource_MLIST |
| ADV-2008-1583 | vdb-entry | x_refsource_VUPEN |
| 29292 | vdb-entry | x_refsource_BID |
| FEDORA-2008-4274 | vendor-advisory | x_refsource_FEDORA |
| 30330 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2008-1582 | vdb-entry | x_refsource_VUPEN |
| [oss-security] 20080520 Re: CVE ID request: GNUTLS | mailing-list | x_refsource_MLIST |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174 | | x_refsource_CONFIRM |
| 30338 | third-party-advisory | x_refsource_SECUNIA |
| [gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release | mailing-list | x_refsource_MLIST |
| DSA-1581 | vendor-advisory | x_refsource_DEBIAN |
| [oss-security] 20080520 Re: CVE ID request: GNUTLS | mailing-list | x_refsource_MLIST |
| FEDORA-2008-4259 | vendor-advisory | x_refsource_FEDORA |
| 3902 | third-party-advisory | x_refsource_SREASON |
| https://issues.rpath.com/browse/RPL-2552 | | x_refsource_CONFIRM |
| 30287 | third-party-advisory | x_refsource_SECUNIA |
| http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html | | x_refsource_MISC |
| gnutls-gnutlsrecvclientkxmessage-bo(42530) | vdb-entry | x_refsource_XF |
| FEDORA-2008-4183 | vendor-advisory | x_refsource_FEDORA |
| 1020058 | vdb-entry | x_refsource_SECTRACK |
| MDVSA-2008:106 | vendor-advisory | x_refsource_MANDRIVA |
| VU#252626 | third-party-advisory | x_refsource_CERT-VN |