CVE-2008-1950

Published: 21 May 2008

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Priority

Medium

Status

Package    Release    Status
gnutls12   dapper     Released (1.2.9-2ubuntu1.2)
gnutls12   feisty     Does not exist
gnutls12   gutsy      Does not exist
gnutls12   hardy      Does not exist
gnutls12   upstream   Needs triage

gnutls13   dapper     Does not exist
gnutls13   feisty     Released (1.4.4-3ubuntu0.1)
gnutls13   gutsy      Released (1.6.3-1ubuntu0.1)
gnutls13   hardy      Released (2.0.4-1ubuntu2.1)
gnutls13   upstream   Needs triage

gnutls26   dapper     Does not exist
gnutls26   feisty     Does not exist
gnutls26   gutsy      Does not exist
gnutls26   hardy      Does not exist
gnutls26   upstream   Released (2.2.5)