Back to search
CVE-2008-1950
Published: May 21, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
30331
third-party-advisory
x_refsource_SECUNIA
31939
third-party-advisory
x_refsource_SECUNIA
USN-613-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2008:046
vendor-advisory
x_refsource_SUSE
RHSA-2008:0492
vendor-advisory
x_refsource_REDHAT
[oss-security] 20080520 Re: CVE ID request: GNUTLS
mailing-list
x_refsource_MLIST
GLSA-200805-20
vendor-advisory
x_refsource_GENTOO
30355
third-party-advisory
x_refsource_SECUNIA
30317
third-party-advisory
x_refsource_SECUNIA
20080520 Vulnerability Advisory on GnuTLS
mailing-list
x_refsource_BUGTRAQ
RHSA-2008:0489
vendor-advisory
x_refsource_REDHAT
20080522 rPSA-2008-0174-1 gnutls
mailing-list
x_refsource_BUGTRAQ
[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]
mailing-list
x_refsource_MLIST
30324
third-party-advisory
x_refsource_SECUNIA
30302
third-party-advisory
x_refsource_SECUNIA
[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]
mailing-list
x_refsource_MLIST
ADV-2008-1583
vdb-entry
x_refsource_VUPEN
29292
vdb-entry
x_refsource_BID
FEDORA-2008-4274
vendor-advisory
x_refsource_FEDORA
30330
third-party-advisory
x_refsource_SECUNIA
1020059
vdb-entry
x_refsource_SECTRACK
ADV-2008-1582
vdb-entry
x_refsource_VUPEN
[oss-security] 20080520 Re: CVE ID request: GNUTLS
mailing-list
x_refsource_MLIST
VU#659209
third-party-advisory
x_refsource_CERT-VN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
x_refsource_CONFIRM
30338
third-party-advisory
x_refsource_SECUNIA
[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release
mailing-list
x_refsource_MLIST
DSA-1581
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20080520 Re: CVE ID request: GNUTLS
mailing-list
x_refsource_MLIST
gnutls-gnutlsciphertext2compressed-bo(42533)
vdb-entry
x_refsource_XF
FEDORA-2008-4259
vendor-advisory
x_refsource_FEDORA
3902
third-party-advisory
x_refsource_SREASON
https://issues.rpath.com/browse/RPL-2552
x_refsource_CONFIRM
30287
third-party-advisory
x_refsource_SECUNIA
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
x_refsource_MISC
FEDORA-2008-4183
vendor-advisory
x_refsource_FEDORA
oval:org.mitre.oval:def:11393
vdb-entry
signature
x_refsource_OVAL
MDVSA-2008:106
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now