9.3

CVE-2008-1949

Exploit
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version1.0.18
GnuGnutls Version1.0.19
GnuGnutls Version1.0.20
GnuGnutls Version1.0.21
GnuGnutls Version1.0.22
GnuGnutls Version1.0.23
GnuGnutls Version1.0.24
GnuGnutls Version1.0.25
GnuGnutls Version1.1.13
GnuGnutls Version1.1.14
GnuGnutls Version1.1.15
GnuGnutls Version1.1.16
GnuGnutls Version1.1.17
GnuGnutls Version1.1.18
GnuGnutls Version1.1.19
GnuGnutls Version1.1.20
GnuGnutls Version1.1.21
GnuGnutls Version1.1.22
GnuGnutls Version1.1.23
GnuGnutls Version1.2.0
GnuGnutls Version1.2.1
GnuGnutls Version1.2.2
GnuGnutls Version1.2.3
GnuGnutls Version1.2.4
GnuGnutls Version1.2.5
GnuGnutls Version1.2.6
GnuGnutls Version1.2.7
GnuGnutls Version1.2.8
GnuGnutls Version1.2.9
GnuGnutls Version1.2.10
GnuGnutls Version1.2.11
GnuGnutls Version1.3.0
GnuGnutls Version1.3.1
GnuGnutls Version1.3.2
GnuGnutls Version1.3.3
GnuGnutls Version1.3.4
GnuGnutls Version1.3.5
GnuGnutls Version1.4.0
GnuGnutls Version1.4.1
GnuGnutls Version1.4.2
GnuGnutls Version1.4.3
GnuGnutls Version1.4.4
GnuGnutls Version1.4.5
GnuGnutls Version1.5.0
GnuGnutls Version1.5.1
GnuGnutls Version1.5.2
GnuGnutls Version1.5.3
GnuGnutls Version1.5.4
GnuGnutls Version1.5.5
GnuGnutls Version1.6.0
GnuGnutls Version1.6.1
GnuGnutls Version1.6.2
GnuGnutls Version1.6.3
GnuGnutls Version1.7.0
GnuGnutls Version1.7.1
GnuGnutls Version1.7.2
GnuGnutls Version1.7.3
GnuGnutls Version1.7.4
GnuGnutls Version1.7.5
GnuGnutls Version1.7.6
GnuGnutls Version1.7.7
GnuGnutls Version1.7.8
GnuGnutls Version1.7.9
GnuGnutls Version1.7.10
GnuGnutls Version1.7.11
GnuGnutls Version1.7.12
GnuGnutls Version1.7.13
GnuGnutls Version1.7.14
GnuGnutls Version1.7.15
GnuGnutls Version1.7.16
GnuGnutls Version1.7.17
GnuGnutls Version1.7.18
GnuGnutls Version1.7.19
GnuGnutls Version2.0.0
GnuGnutls Version2.0.1
GnuGnutls Version2.0.2
GnuGnutls Version2.0.3
GnuGnutls Version2.0.4
GnuGnutls Version2.1.0
GnuGnutls Version2.1.1
GnuGnutls Version2.1.2
GnuGnutls Version2.1.3
GnuGnutls Version2.1.4
GnuGnutls Version2.1.5
GnuGnutls Version2.1.6
GnuGnutls Version2.1.7
GnuGnutls Version2.1.8
GnuGnutls Version2.2.0
GnuGnutls Version2.2.1
GnuGnutls Version2.2.2
GnuGnutls Version2.2.3
GnuGnutls Version2.2.4
GnuGnutls Version2.2.5
GnuGnutls Version2.3.0
GnuGnutls Version2.3.1
GnuGnutls Version2.3.2
GnuGnutls Version2.3.3
GnuGnutls Version2.3.4
GnuGnutls Version2.3.5
GnuGnutls Version2.3.6
GnuGnutls Version2.3.7
GnuGnutls Version2.3.8
GnuGnutls Version2.3.9
GnuGnutls Version2.3.10
GnuGnutls Version2.3.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.17% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.