Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2008-1948

Published: 21/05/2008 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Gnu

Vulnerability Summary

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gnutls 2.3.5

gnu gnutls 1.6.0

gnu gnutls 2.0.0

gnu gnutls 1.5.0

gnu gnutls 1.2.8

gnu gnutls 1.1.14

gnu gnutls 2.3.4

gnu gnutls 1.7.3

gnu gnutls 1.4.1

gnu gnutls 1.4.3

gnu gnutls 1.2.11

gnu gnutls 1.1.21

gnu gnutls 1.7.5

gnu gnutls 1.7.11

gnu gnutls 1.0.20

gnu gnutls 1.2.5

gnu gnutls 2.2.4

gnu gnutls 1.2.4

gnu gnutls 1.3.1

gnu gnutls 1.0.24

gnu gnutls 1.7.15

gnu gnutls 1.6.1

gnu gnutls 1.0.21

gnu gnutls 1.4.2

gnu gnutls 1.7.8

gnu gnutls 1.7.0

gnu gnutls 2.1.0

gnu gnutls 2.3.1

gnu gnutls 2.2.5

gnu gnutls 2.1.1

gnu gnutls 2.3.8

gnu gnutls 1.7.18

gnu gnutls 1.1.20

gnu gnutls 2.1.7

gnu gnutls 2.1.4

gnu gnutls 1.2.10

gnu gnutls 1.5.3

gnu gnutls 1.1.22

gnu gnutls 1.6.3

gnu gnutls 2.1.6

gnu gnutls 1.4.5

gnu gnutls 1.5.1

gnu gnutls 1.4.0

gnu gnutls 1.7.4

gnu gnutls 1.7.13

gnu gnutls 2.3.2

gnu gnutls 2.3.9

gnu gnutls 2.2.2

gnu gnutls 2.2.0

gnu gnutls 2.3.11

gnu gnutls 1.3.4

gnu gnutls 1.0.19

gnu gnutls 1.7.2

gnu gnutls 1.2.1

gnu gnutls 1.1.19

gnu gnutls 2.0.4

gnu gnutls 1.1.18

gnu gnutls 1.5.4

gnu gnutls 1.7.9

gnu gnutls 2.1.3

gnu gnutls 1.7.10

gnu gnutls 1.1.13

gnu gnutls 2.3.7

gnu gnutls 2.0.3

gnu gnutls 1.2.2

gnu gnutls 1.7.19

gnu gnutls 1.5.5

gnu gnutls 1.2.0

gnu gnutls 1.0.18

gnu gnutls 1.2.7

gnu gnutls 1.3.2

gnu gnutls 1.0.25

gnu gnutls 1.1.15

gnu gnutls 2.1.2

gnu gnutls 1.0.23

gnu gnutls 1.3.0

gnu gnutls 1.3.5

gnu gnutls 1.7.14

gnu gnutls 1.1.23

gnu gnutls 1.2.3

gnu gnutls 1.2.6

gnu gnutls 2.3.6

gnu gnutls 1.2.9

gnu gnutls 1.7.17

gnu gnutls 2.3.3

gnu gnutls 2.1.8

gnu gnutls 1.7.7

gnu gnutls 2.0.1

gnu gnutls 1.7.6

gnu gnutls 2.2.1

gnu gnutls 2.1.5

gnu gnutls 1.7.1

gnu gnutls 1.5.2

gnu gnutls 1.7.16

gnu gnutls 1.7.12

gnu gnutls 1.1.16

gnu gnutls 2.3.10

gnu gnutls 1.0.22

gnu gnutls 2.0.2

gnu gnutls 2.3.0

gnu gnutls 1.6.2

gnu gnutls 2.2.3

gnu gnutls 1.4.4

gnu gnutls 1.1.17

gnu gnutls 1.3.3

Vendor Advisories

Ubuntu Security Notice: gnutls12, gnutls13 vulnerabilities
Multiple flaws were discovered in the connection handling of GnuTLS A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application’s user ...
Debian Security Advisories: DSA-1581-1 gnutls13 -- several vulnerabilities
Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services You must restart affected services manually (mainly Exim, using /etc/initd/exim4 restart) af ...

References

CWE-189http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.htmlhttp://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.htmlhttp://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.htmlhttp://www.openwall.com/lists/oss-security/2008/05/20/1http://www.openwall.com/lists/oss-security/2008/05/20/2http://www.openwall.com/lists/oss-security/2008/05/20/3http://www.cert.fi/haavoittuvuudet/advisory-gnutls.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0489.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0492.htmlhttp://www.securityfocus.com/bid/29292http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558http://www.debian.org/security/2008/dsa-1581https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.htmlhttp://security.gentoo.org/glsa/glsa-200805-20.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:106http://www.ubuntu.com/usn/usn-613-1http://www.securitytracker.com/id?1020057http://secunia.com/advisories/30331http://secunia.com/advisories/30338http://secunia.com/advisories/30302http://secunia.com/advisories/30317http://secunia.com/advisories/30324http://secunia.com/advisories/30287http://secunia.com/advisories/30330http://www.kb.cert.org/vuls/id/111034http://secunia.com/advisories/31939http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.htmlhttp://securityreason.com/securityalert/3902http://secunia.com/advisories/30355http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174https://issues.rpath.com/browse/RPL-2552http://www.vupen.com/english/advisories/2008/1583/referenceshttp://www.vupen.com/english/advisories/2008/1582/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42532https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935http://www.securityfocus.com/archive/1/492464/100/0/threadedhttp://www.securityfocus.com/archive/1/492282/100/0/threadedhttp://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97bhttps://usn.ubuntu.com/613-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook