
CVE-2008-1949

Published: 21 May 2008

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

Priority

Medium

Status

Package / Release / Status

gnutls12 (Launchpad, Ubuntu, Debian)
  dapper    Released (1.2.9-2ubuntu1.2)
  feisty    Does not exist
  gutsy     Does not exist
  hardy     Does not exist
  upstream  Needs triage

gnutls13 (Launchpad, Ubuntu, Debian)
  dapper    Does not exist
  feisty    Released (1.4.4-3ubuntu0.1)
  gutsy     Released (1.6.3-1ubuntu0.1)
  hardy     Released (2.0.4-1ubuntu2.1)
  upstream  Needs triage

gnutls26 (Launchpad, Ubuntu, Debian)
  dapper    Does not exist
  feisty    Does not exist
  gutsy     Does not exist
  hardy     Does not exist
  upstream  Released (2.2.5)