CVE-2011-4128
Published: Dec 8, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| USN-1418-1 | vendor-advisory, x_refsource_UBUNTU |
| RHSA-2012:0531 | vendor-advisory, x_refsource_REDHAT |
| [oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) | mailing-list, x_refsource_MLIST |
| 48712 | third-party-advisory, x_refsource_SECUNIA |
| http://www.gnu.org/software/gnutls/security.html | x_refsource_CONFIRM |
| FEDORA-2012-4569 | vendor-advisory, x_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=752308 | x_refsource_CONFIRM |
| RHSA-2012:0488 | vendor-advisory, x_refsource_REDHAT |
| 48596 | third-party-advisory, x_refsource_SECUNIA |
| MDVSA-2012:045 | vendor-advisory, x_refsource_MANDRIVA |
| [gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data | mailing-list, x_refsource_MLIST |
| [oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) | mailing-list, x_refsource_MLIST |
| RHSA-2012:0429 | vendor-advisory, x_refsource_REDHAT |