CVE - CVE-2008-1950

CVE-ID
CVE-2008-1950	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:29292 URL:http://www.securityfocus.com/bid/29292 BUGTRAQ:20080520 Vulnerability Advisory on GnuTLS URL:http://www.securityfocus.com/archive/1/492282/100/0/threaded BUGTRAQ:20080522 rPSA-2008-0174-1 gnutls URL:http://www.securityfocus.com/archive/1/492464/100/0/threaded CERT-VN:VU#659209 URL:http://www.kb.cert.org/vuls/id/659209 CONFIRM:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174 CONFIRM:https://issues.rpath.com/browse/RPL-2552 DEBIAN:DSA-1581 URL:http://www.debian.org/security/2008/dsa-1581 FEDORA:FEDORA-2008-4183 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html FEDORA:FEDORA-2008-4259 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html FEDORA:FEDORA-2008-4274 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html GENTOO:GLSA-200805-20 URL:http://security.gentoo.org/glsa/glsa-200805-20.xml MANDRIVA:MDVSA-2008:106 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:106~~ (Obsolete source) MISC:http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html MLIST:[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] URL:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html MLIST:[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release URL:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html MLIST:[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] URL:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html MLIST:[oss-security] 20080520 Re: CVE ID request: GNUTLS URL:http://www.openwall.com/lists/oss-security/2008/05/20/1 MLIST:[oss-security] 20080520 Re: CVE ID request: GNUTLS URL:http://www.openwall.com/lists/oss-security/2008/05/20/2 MLIST:[oss-security] 20080520 Re: CVE ID request: GNUTLS URL:http://www.openwall.com/lists/oss-security/2008/05/20/3 OVAL:oval:org.mitre.oval:def:11393 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393 REDHAT:RHSA-2008:0489 URL:http://www.redhat.com/support/errata/RHSA-2008-0489.html REDHAT:RHSA-2008:0492 URL:http://www.redhat.com/support/errata/RHSA-2008-0492.html SECTRACK:1020059 URL:http://www.securitytracker.com/id?1020059 SECUNIA:30287 URL:http://secunia.com/advisories/30287 SECUNIA:30302 URL:http://secunia.com/advisories/30302 SECUNIA:30317 URL:http://secunia.com/advisories/30317 SECUNIA:30324 URL:http://secunia.com/advisories/30324 SECUNIA:30330 URL:http://secunia.com/advisories/30330 SECUNIA:30331 URL:http://secunia.com/advisories/30331 SECUNIA:30338 URL:http://secunia.com/advisories/30338 SECUNIA:30355 URL:http://secunia.com/advisories/30355 SECUNIA:31939 URL:http://secunia.com/advisories/31939 SREASON:3902 URL:http://securityreason.com/securityalert/3902 SUSE:SUSE-SA:2008:046 URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html UBUNTU:USN-613-1 URL:http://www.ubuntu.com/usn/usn-613-1 VUPEN:ADV-2008-1582 URL:~~http://www.vupen.com/english/advisories/2008/1582/references~~ (Obsolete source) VUPEN:ADV-2008-1583 URL:~~http://www.vupen.com/english/advisories/2008/1583/references~~ (Obsolete source) XF:gnutls-gnutlsciphertext2compressed-bo(42533) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
Assigning CNA
Red Hat, Inc.
Date Record Created
20080424	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080424)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)