Back to search
CVE-2008-2377
Published: Aug 8, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[gnutls-devel] 20080630 GnuTLS 2.4.1
mailing-list
x_refsource_MLIST
https://issues.rpath.com/browse/RPL-2650
x_refsource_CONFIRM
http://www.gnu.org/software/gnutls/security.html
x_refsource_CONFIRM
[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]
mailing-list
x_refsource_MLIST
ADV-2008-2398
vdb-entry
x_refsource_VUPEN
30713
vdb-entry
x_refsource_BID
gnutls-gnutlshandshake-code-execution(44486)
vdb-entry
x_refsource_XF
31505
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now