5

CVE-2008-1950

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version1.0.18
GnuGnutls Version1.0.19
GnuGnutls Version1.0.20
GnuGnutls Version1.0.21
GnuGnutls Version1.0.22
GnuGnutls Version1.0.23
GnuGnutls Version1.0.24
GnuGnutls Version1.0.25
GnuGnutls Version1.1.13
GnuGnutls Version1.1.14
GnuGnutls Version1.1.15
GnuGnutls Version1.1.16
GnuGnutls Version1.1.17
GnuGnutls Version1.1.18
GnuGnutls Version1.1.19
GnuGnutls Version1.1.20
GnuGnutls Version1.1.21
GnuGnutls Version1.1.22
GnuGnutls Version1.1.23
GnuGnutls Version1.2.0
GnuGnutls Version1.2.1
GnuGnutls Version1.2.2
GnuGnutls Version1.2.3
GnuGnutls Version1.2.4
GnuGnutls Version1.2.5
GnuGnutls Version1.2.6
GnuGnutls Version1.2.7
GnuGnutls Version1.2.8
GnuGnutls Version1.2.9
GnuGnutls Version1.2.10
GnuGnutls Version1.2.11
GnuGnutls Version1.3.0
GnuGnutls Version1.3.1
GnuGnutls Version1.3.2
GnuGnutls Version1.3.3
GnuGnutls Version1.3.4
GnuGnutls Version1.3.5
GnuGnutls Version1.4.0
GnuGnutls Version1.4.1
GnuGnutls Version1.4.2
GnuGnutls Version1.4.3
GnuGnutls Version1.4.4
GnuGnutls Version1.4.5
GnuGnutls Version1.5.0
GnuGnutls Version1.5.1
GnuGnutls Version1.5.2
GnuGnutls Version1.5.3
GnuGnutls Version1.5.4
GnuGnutls Version1.5.5
GnuGnutls Version1.6.0
GnuGnutls Version1.6.1
GnuGnutls Version1.6.2
GnuGnutls Version1.6.3
GnuGnutls Version1.7.0
GnuGnutls Version1.7.1
GnuGnutls Version1.7.2
GnuGnutls Version1.7.3
GnuGnutls Version1.7.4
GnuGnutls Version1.7.5
GnuGnutls Version1.7.6
GnuGnutls Version1.7.7
GnuGnutls Version1.7.8
GnuGnutls Version1.7.9
GnuGnutls Version1.7.10
GnuGnutls Version1.7.11
GnuGnutls Version1.7.12
GnuGnutls Version1.7.13
GnuGnutls Version1.7.14
GnuGnutls Version1.7.15
GnuGnutls Version1.7.16
GnuGnutls Version1.7.17
GnuGnutls Version1.7.18
GnuGnutls Version1.7.19
GnuGnutls Version2.0.0
GnuGnutls Version2.0.1
GnuGnutls Version2.0.2
GnuGnutls Version2.0.3
GnuGnutls Version2.0.4
GnuGnutls Version2.1.0
GnuGnutls Version2.1.1
GnuGnutls Version2.1.2
GnuGnutls Version2.1.3
GnuGnutls Version2.1.4
GnuGnutls Version2.1.5
GnuGnutls Version2.1.6
GnuGnutls Version2.1.7
GnuGnutls Version2.1.8
GnuGnutls Version2.2.0
GnuGnutls Version2.2.1
GnuGnutls Version2.2.2
GnuGnutls Version2.2.3
GnuGnutls Version2.2.4
GnuGnutls Version2.2.5
GnuGnutls Version2.3.0
GnuGnutls Version2.3.1
GnuGnutls Version2.3.2
GnuGnutls Version2.3.3
GnuGnutls Version2.3.4
GnuGnutls Version2.3.5
GnuGnutls Version2.3.6
GnuGnutls Version2.3.7
GnuGnutls Version2.3.8
GnuGnutls Version2.3.9
GnuGnutls Version2.3.10
GnuGnutls Version2.3.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.95% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
Patch
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
http://secunia.com/advisories/30287
http://secunia.com/advisories/30302
http://secunia.com/advisories/30317
http://secunia.com/advisories/30324
http://secunia.com/advisories/30330
http://secunia.com/advisories/30331
http://secunia.com/advisories/30338
http://secunia.com/advisories/30355
http://secunia.com/advisories/31939
http://security.gentoo.org/glsa/glsa-200805-20.xml
http://securityreason.com/securityalert/3902
http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
http://www.debian.org/security/2008/dsa-1581
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
http://www.openwall.com/lists/oss-security/2008/05/20/1
http://www.openwall.com/lists/oss-security/2008/05/20/2
Patch
http://www.openwall.com/lists/oss-security/2008/05/20/3
http://www.redhat.com/support/errata/RHSA-2008-0489.html
http://www.redhat.com/support/errata/RHSA-2008-0492.html
http://www.securityfocus.com/archive/1/492282/100/0/threaded
http://www.securityfocus.com/archive/1/492464/100/0/threaded
http://www.securityfocus.com/bid/29292
http://www.ubuntu.com/usn/usn-613-1
http://www.vupen.com/english/advisories/2008/1582/references
http://www.vupen.com/english/advisories/2008/1583/references
https://issues.rpath.com/browse/RPL-2552
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
http://www.kb.cert.org/vuls/id/659209
US Government Resource
http://www.securitytracker.com/id?1020059
https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393