CVE-2008-2377
Published: 8 August 2008
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
Priority
Status
Package | Release | Status |
---|---|---|
gnutls12 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Released
(2.4.1)
|
|
gnutls13 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
upstream |
Released
(2.4.1)
|
|
gnutls26 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Released
(2.4.1)
|