Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2008-2377

Published: 08/08/2008 Updated: 08/08/2017
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Gnutls

Vulnerability Summary

Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 up to and including 2.4.0 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gnutls 2.3.7

gnu gnutls 2.3.8

gnu gnutls 2.3.9

gnu gnutls 2.4.0

gnu gnutls 2.3.5

gnu gnutls 2.3.6

References

CWE-119http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.htmlhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947http://www.gnu.org/software/gnutls/security.htmlhttps://issues.rpath.com/browse/RPL-2650http://secunia.com/advisories/31505http://www.securityfocus.com/bid/30713http://www.vupen.com/english/advisories/2008/2398https://exchange.xforce.ibmcloud.com/vulnerabilities/44486https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook