CVE-2008-1949

Published: 21/05/2008 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote malicious users to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

Vulnerable Product

gnu gnutls 2.3.5

gnu gnutls 1.6.0

gnu gnutls 2.0.0

gnu gnutls 1.5.0

gnu gnutls 1.2.8

gnu gnutls 1.1.14

gnu gnutls 2.3.4

gnu gnutls 1.7.3

gnu gnutls 1.4.1

gnu gnutls 1.4.3

gnu gnutls 1.2.11

gnu gnutls 1.1.21

gnu gnutls 1.7.5

gnu gnutls 1.7.11

gnu gnutls 1.0.20

gnu gnutls 1.2.5

gnu gnutls 2.2.4

gnu gnutls 1.2.4

gnu gnutls 1.3.1

gnu gnutls 1.0.24

gnu gnutls 1.7.15

gnu gnutls 1.6.1

gnu gnutls 1.0.21

gnu gnutls 1.4.2

gnu gnutls 1.7.8

gnu gnutls 1.7.0

gnu gnutls 2.1.0

gnu gnutls 2.3.1

gnu gnutls 2.2.5

gnu gnutls 2.1.1

gnu gnutls 2.3.8

gnu gnutls 1.7.18

gnu gnutls 1.1.20

gnu gnutls 2.1.7

gnu gnutls 2.1.4

gnu gnutls 1.2.10

gnu gnutls 1.5.3

gnu gnutls 1.1.22

gnu gnutls 1.6.3

gnu gnutls 2.1.6

gnu gnutls 1.4.5

gnu gnutls 1.5.1

gnu gnutls 1.4.0

gnu gnutls 1.7.4

gnu gnutls 1.7.13

gnu gnutls 2.3.2

gnu gnutls 2.3.9

gnu gnutls 2.2.2

gnu gnutls 2.2.0

gnu gnutls 2.3.11

gnu gnutls 1.3.4

gnu gnutls 1.0.19

gnu gnutls 1.7.2

gnu gnutls 1.2.1

gnu gnutls 1.1.19

gnu gnutls 2.0.4

gnu gnutls 1.1.18

gnu gnutls 1.5.4

gnu gnutls 1.7.9

gnu gnutls 2.1.3

gnu gnutls 1.7.10

gnu gnutls 1.1.13

gnu gnutls 2.3.7

gnu gnutls 2.0.3

gnu gnutls 1.2.2

gnu gnutls 1.7.19

gnu gnutls 1.5.5

gnu gnutls 1.2.0

gnu gnutls 1.0.18

gnu gnutls 1.2.7

gnu gnutls 1.3.2

gnu gnutls 1.0.25

gnu gnutls 1.1.15

gnu gnutls 2.1.2

gnu gnutls 1.0.23

gnu gnutls 1.3.0

gnu gnutls 1.3.5

gnu gnutls 1.7.14

gnu gnutls 1.1.23

gnu gnutls 1.2.3

gnu gnutls 1.2.6

gnu gnutls 2.3.6

gnu gnutls 1.2.9

gnu gnutls 1.7.17

gnu gnutls 2.3.3

gnu gnutls 2.1.8

gnu gnutls 1.7.7

gnu gnutls 2.0.1

gnu gnutls 1.7.6

gnu gnutls 2.2.1

gnu gnutls 2.1.5

gnu gnutls 1.7.1

gnu gnutls 1.5.2

gnu gnutls 1.7.16

gnu gnutls 1.7.12

gnu gnutls 1.1.16

gnu gnutls 2.3.10

gnu gnutls 1.0.22

gnu gnutls 2.0.2

gnu gnutls 2.3.0

gnu gnutls 1.6.2

gnu gnutls 2.2.3

gnu gnutls 1.4.4

gnu gnutls 1.1.17

gnu gnutls 1.3.3

Vendor Advisories

Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application’s user ...

Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services. You must restart affected services manually (mainly Exim, using /etc/init.d/exim4 restart) af ...

References

CWE-287
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
http://www.openwall.com/lists/oss-security/2008/05/20/1
http://www.openwall.com/lists/oss-security/2008/05/20/2
http://www.openwall.com/lists/oss-security/2008/05/20/3
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
http://www.redhat.com/support/errata/RHSA-2008-0489.html
http://www.redhat.com/support/errata/RHSA-2008-0492.html
http://www.securityfocus.com/bid/29292
http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
http://www.debian.org/security/2008/dsa-1581
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
http://security.gentoo.org/glsa/glsa-200805-20.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
http://www.ubuntu.com/usn/usn-613-1
http://www.securitytracker.com/id?1020058
http://secunia.com/advisories/30331
http://secunia.com/advisories/30338
http://secunia.com/advisories/30302
http://secunia.com/advisories/30317
http://secunia.com/advisories/30324
http://secunia.com/advisories/30287
http://secunia.com/advisories/30330
http://www.kb.cert.org/vuls/id/252626
http://secunia.com/advisories/31939
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
http://securityreason.com/securityalert/3902
http://secunia.com/advisories/30355
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
https://issues.rpath.com/browse/RPL-2552
http://www.vupen.com/english/advisories/2008/1583/references
http://www.vupen.com/english/advisories/2008/1582/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519
http://www.securityfocus.com/archive/1/492464/100/0/threaded
http://www.securityfocus.com/archive/1/492282/100/0/threaded
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
https://usn.ubuntu.com/613-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/252626