Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2008-1950

Published: 21/05/2008 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Gnu

Vulnerability Summary

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS prior to 2.2.4 allows remote malicious users to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gnutls 2.3.5

gnu gnutls 1.6.0

gnu gnutls 2.0.0

gnu gnutls 1.5.0

gnu gnutls 1.2.8

gnu gnutls 1.1.14

gnu gnutls 2.3.4

gnu gnutls 1.7.3

gnu gnutls 1.4.1

gnu gnutls 1.4.3

gnu gnutls 1.2.11

gnu gnutls 1.1.21

gnu gnutls 1.7.5

gnu gnutls 1.7.11

gnu gnutls 1.0.20

gnu gnutls 1.2.5

gnu gnutls 2.2.4

gnu gnutls 1.2.4

gnu gnutls 1.3.1

gnu gnutls 1.0.24

gnu gnutls 1.7.15

gnu gnutls 1.6.1

gnu gnutls 1.0.21

gnu gnutls 1.4.2

gnu gnutls 1.7.8

gnu gnutls 1.7.0

gnu gnutls 2.1.0

gnu gnutls 2.3.1

gnu gnutls 2.2.5

gnu gnutls 2.1.1

gnu gnutls 2.3.8

gnu gnutls 1.7.18

gnu gnutls 1.1.20

gnu gnutls 2.1.7

gnu gnutls 2.1.4

gnu gnutls 1.2.10

gnu gnutls 1.5.3

gnu gnutls 1.1.22

gnu gnutls 1.6.3

gnu gnutls 2.1.6

gnu gnutls 1.4.5

gnu gnutls 1.5.1

gnu gnutls 1.4.0

gnu gnutls 1.7.4

gnu gnutls 1.7.13

gnu gnutls 2.3.2

gnu gnutls 2.3.9

gnu gnutls 2.2.2

gnu gnutls 2.2.0

gnu gnutls 2.3.11

gnu gnutls 1.3.4

gnu gnutls 1.0.19

gnu gnutls 1.7.2

gnu gnutls 1.2.1

gnu gnutls 1.1.19

gnu gnutls 2.0.4

gnu gnutls 1.1.18

gnu gnutls 1.5.4

gnu gnutls 1.7.9

gnu gnutls 2.1.3

gnu gnutls 1.7.10

gnu gnutls 1.1.13

gnu gnutls 2.3.7

gnu gnutls 2.0.3

gnu gnutls 1.2.2

gnu gnutls 1.7.19

gnu gnutls 1.5.5

gnu gnutls 1.2.0

gnu gnutls 1.0.18

gnu gnutls 1.2.7

gnu gnutls 1.3.2

gnu gnutls 1.0.25

gnu gnutls 1.1.15

gnu gnutls 2.1.2

gnu gnutls 1.0.23

gnu gnutls 1.3.0

gnu gnutls 1.3.5

gnu gnutls 1.7.14

gnu gnutls 1.1.23

gnu gnutls 1.2.3

gnu gnutls 1.2.6

gnu gnutls 2.3.6

gnu gnutls 1.2.9

gnu gnutls 1.7.17

gnu gnutls 2.3.3

gnu gnutls 2.1.8

gnu gnutls 1.7.7

gnu gnutls 2.0.1

gnu gnutls 1.7.6

gnu gnutls 2.2.1

gnu gnutls 2.1.5

gnu gnutls 1.7.1

gnu gnutls 1.5.2

gnu gnutls 1.7.16

gnu gnutls 1.7.12

gnu gnutls 1.1.16

gnu gnutls 2.3.10

gnu gnutls 1.0.22

gnu gnutls 2.0.2

gnu gnutls 2.3.0

gnu gnutls 1.6.2

gnu gnutls 2.2.3

gnu gnutls 1.4.4

gnu gnutls 1.1.17

gnu gnutls 1.3.3

Vendor Advisories

Ubuntu Security Notice: gnutls12, gnutls13 vulnerabilities
Multiple flaws were discovered in the connection handling of GnuTLS A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application’s user ...
Debian Security Advisories: DSA-1581-1 gnutls13 -- several vulnerabilities
Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services You must restart affected services manually (mainly Exim, using /etc/initd/exim4 restart) af ...

References

CWE-189http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.htmlhttp://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.htmlhttp://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.htmlhttp://www.openwall.com/lists/oss-security/2008/05/20/1http://www.openwall.com/lists/oss-security/2008/05/20/2http://www.openwall.com/lists/oss-security/2008/05/20/3http://www.cert.fi/haavoittuvuudet/advisory-gnutls.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0489.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0492.htmlhttp://www.securityfocus.com/bid/29292http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558http://www.debian.org/security/2008/dsa-1581https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.htmlhttp://security.gentoo.org/glsa/glsa-200805-20.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:106http://www.ubuntu.com/usn/usn-613-1http://www.securitytracker.com/id?1020059http://secunia.com/advisories/30331http://secunia.com/advisories/30338http://secunia.com/advisories/30302http://secunia.com/advisories/30317http://secunia.com/advisories/30324http://secunia.com/advisories/30287http://secunia.com/advisories/30330http://www.kb.cert.org/vuls/id/659209http://secunia.com/advisories/31939http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.htmlhttp://securityreason.com/securityalert/3902http://secunia.com/advisories/30355http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174https://issues.rpath.com/browse/RPL-2552http://www.vupen.com/english/advisories/2008/1583/referenceshttp://www.vupen.com/english/advisories/2008/1582/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42533https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393http://www.securityfocus.com/archive/1/492464/100/0/threadedhttp://www.securityfocus.com/archive/1/492282/100/0/threadedhttp://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97bhttps://usn.ubuntu.com/613-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/659209
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook