Lucene search

RedhatCVE-2008-1950

HistoryMay 21, 2008 - 1:24 p.m.

CVE-2008-1950

2008-05-2113:24:00

CWE-189

redhat

web.nvd.nist.gov

cve-2008-1950

gnutls

buffer over-read

denial of service

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.063

Percentile

93.6%

JSON

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Affected configurations

Nvd

Node

gnugnutlsMatch1.0.18

gnugnutlsMatch1.0.19

gnugnutlsMatch1.0.20

gnugnutlsMatch1.0.21

gnugnutlsMatch1.0.22

gnugnutlsMatch1.0.23

gnugnutlsMatch1.0.24

gnugnutlsMatch1.0.25

gnugnutlsMatch1.1.13

gnugnutlsMatch1.1.14

gnugnutlsMatch1.1.15

gnugnutlsMatch1.1.16

gnugnutlsMatch1.1.17

gnugnutlsMatch1.1.18

gnugnutlsMatch1.1.19

gnugnutlsMatch1.1.20

gnugnutlsMatch1.1.21

gnugnutlsMatch1.1.22

gnugnutlsMatch1.1.23

gnugnutlsMatch1.2.0

gnugnutlsMatch1.2.1

gnugnutlsMatch1.2.2

gnugnutlsMatch1.2.3

gnugnutlsMatch1.2.4

gnugnutlsMatch1.2.5

gnugnutlsMatch1.2.6

gnugnutlsMatch1.2.7

gnugnutlsMatch1.2.8

gnugnutlsMatch1.2.9

gnugnutlsMatch1.2.10

gnugnutlsMatch1.2.11

gnugnutlsMatch1.3.0

gnugnutlsMatch1.3.1

gnugnutlsMatch1.3.2

gnugnutlsMatch1.3.3

gnugnutlsMatch1.3.4

gnugnutlsMatch1.3.5

gnugnutlsMatch1.4.0

gnugnutlsMatch1.4.1

gnugnutlsMatch1.4.2

gnugnutlsMatch1.4.3

gnugnutlsMatch1.4.4

gnugnutlsMatch1.4.5

gnugnutlsMatch1.5.0

gnugnutlsMatch1.5.1

gnugnutlsMatch1.5.2

gnugnutlsMatch1.5.3

gnugnutlsMatch1.5.4

gnugnutlsMatch1.5.5

gnugnutlsMatch1.6.0

gnugnutlsMatch1.6.1

gnugnutlsMatch1.6.2

gnugnutlsMatch1.6.3

gnugnutlsMatch1.7.0

gnugnutlsMatch1.7.1

gnugnutlsMatch1.7.2

gnugnutlsMatch1.7.3

gnugnutlsMatch1.7.4

gnugnutlsMatch1.7.5

gnugnutlsMatch1.7.6

gnugnutlsMatch1.7.7

gnugnutlsMatch1.7.8

gnugnutlsMatch1.7.9

gnugnutlsMatch1.7.10

gnugnutlsMatch1.7.11

gnugnutlsMatch1.7.12

gnugnutlsMatch1.7.13

gnugnutlsMatch1.7.14

gnugnutlsMatch1.7.15

gnugnutlsMatch1.7.16

gnugnutlsMatch1.7.17

gnugnutlsMatch1.7.18

gnugnutlsMatch1.7.19

gnugnutlsMatch2.0.0

gnugnutlsMatch2.0.1

gnugnutlsMatch2.0.2

gnugnutlsMatch2.0.3

gnugnutlsMatch2.0.4

gnugnutlsMatch2.1.0

gnugnutlsMatch2.1.1

gnugnutlsMatch2.1.2

gnugnutlsMatch2.1.3

gnugnutlsMatch2.1.4

gnugnutlsMatch2.1.5

gnugnutlsMatch2.1.6

gnugnutlsMatch2.1.7

gnugnutlsMatch2.1.8

gnugnutlsMatch2.2.0

gnugnutlsMatch2.2.1

gnugnutlsMatch2.2.2

gnugnutlsMatch2.2.3

gnugnutlsMatch2.2.4

gnugnutlsMatch2.2.5

gnugnutlsMatch2.3.0

gnugnutlsMatch2.3.1

gnugnutlsMatch2.3.2

gnugnutlsMatch2.3.3

gnugnutlsMatch2.3.4

gnugnutlsMatch2.3.5

gnugnutlsMatch2.3.6

gnugnutlsMatch2.3.7

gnugnutlsMatch2.3.8

gnugnutlsMatch2.3.9

gnugnutlsMatch2.3.10

gnugnutlsMatch2.3.11

VendorProductVersionCPE
gnugnutls1.0.18cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
gnugnutls1.0.19cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
gnugnutls1.0.20cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
gnugnutls1.0.21cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
gnugnutls1.0.22cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
gnugnutls1.0.23cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
gnugnutls1.0.24cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
gnugnutls1.0.25cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
gnugnutls1.1.13cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
gnugnutls1.1.14cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	gnutls	1.0.18	cpe:2.3:a:gnu:gnutls:1.0.18:::::::*
gnu	gnutls	1.0.19	cpe:2.3:a:gnu:gnutls:1.0.19:::::::*
gnu	gnutls	1.0.20	cpe:2.3:a:gnu:gnutls:1.0.20:::::::*
gnu	gnutls	1.0.21	cpe:2.3:a:gnu:gnutls:1.0.21:::::::*
gnu	gnutls	1.0.22	cpe:2.3:a:gnu:gnutls:1.0.22:::::::*
gnu	gnutls	1.0.23	cpe:2.3:a:gnu:gnutls:1.0.23:::::::*
gnu	gnutls	1.0.24	cpe:2.3:a:gnu:gnutls:1.0.24:::::::*
gnu	gnutls	1.0.25	cpe:2.3:a:gnu:gnutls:1.0.25:::::::*
gnu	gnutls	1.1.13	cpe:2.3:a:gnu:gnutls:1.1.13:::::::*
gnu	gnutls	1.1.14	cpe:2.3:a:gnu:gnutls:1.1.14:::::::*

Rows per page:

1-10 of 1051

References

git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

secunia.com/advisories/30287

secunia.com/advisories/30302

secunia.com/advisories/30317

secunia.com/advisories/30324

secunia.com/advisories/30330

secunia.com/advisories/30331

secunia.com/advisories/30338

secunia.com/advisories/30355

secunia.com/advisories/31939

security.gentoo.org/glsa/glsa-200805-20.xml

securityreason.com/securityalert/3902

sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

www.cert.fi/haavoittuvuudet/advisory-gnutls.html

www.debian.org/security/2008/dsa-1581

www.kb.cert.org/vuls/id/659209

www.mandriva.com/security/advisories?name=MDVSA-2008:106

www.openwall.com/lists/oss-security/2008/05/20/1

www.openwall.com/lists/oss-security/2008/05/20/2

www.openwall.com/lists/oss-security/2008/05/20/3

www.redhat.com/support/errata/RHSA-2008-0489.html

www.redhat.com/support/errata/RHSA-2008-0492.html

www.securityfocus.com/archive/1/492282/100/0/threaded

www.securityfocus.com/archive/1/492464/100/0/threaded

www.securityfocus.com/bid/29292

www.securitytracker.com/id?1020059

www.ubuntu.com/usn/usn-613-1

www.vupen.com/english/advisories/2008/1582/references

www.vupen.com/english/advisories/2008/1583/references

exchange.xforce.ibmcloud.com/vulnerabilities/42533

issues.rpath.com/browse/RPL-2552

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393

www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.063

Percentile

93.6%

JSON

Related for CVE-2008-1950