Your submission was sent successfully! Close

CVE-2008-2377

Published: 8 August 2008

Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

Priority

Low

Status

Package Release Status
gnutls12
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream
Released (2.4.1)
gnutls13
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Not vulnerable

gutsy Not vulnerable

hardy Not vulnerable

intrepid Not vulnerable

upstream
Released (2.4.1)
gnutls26
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Not vulnerable

upstream
Released (2.4.1)