CVE - CVE-2008-1949

CVE-ID
CVE-2008-1949	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:29292 URL:http://www.securityfocus.com/bid/29292 BUGTRAQ:20080520 Vulnerability Advisory on GnuTLS URL:http://www.securityfocus.com/archive/1/492282/100/0/threaded BUGTRAQ:20080522 rPSA-2008-0174-1 gnutls URL:http://www.securityfocus.com/archive/1/492464/100/0/threaded CERT-VN:VU#252626 URL:http://www.kb.cert.org/vuls/id/252626 CONFIRM:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174 CONFIRM:https://issues.rpath.com/browse/RPL-2552 DEBIAN:DSA-1581 URL:http://www.debian.org/security/2008/dsa-1581 FEDORA:FEDORA-2008-4183 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html FEDORA:FEDORA-2008-4259 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html FEDORA:FEDORA-2008-4274 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html GENTOO:GLSA-200805-20 URL:http://security.gentoo.org/glsa/glsa-200805-20.xml MANDRIVA:MDVSA-2008:106 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 MISC:http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html MLIST:[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] URL:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html MLIST:[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release URL:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html MLIST:[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] URL:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html MLIST:[oss-security] 20080520 Re: CVE ID request: GNUTLS URL:http://www.openwall.com/lists/oss-security/2008/05/20/1 MLIST:[oss-security] 20080520 Re: CVE ID request: GNUTLS URL:http://www.openwall.com/lists/oss-security/2008/05/20/2 MLIST:[oss-security] 20080520 Re: CVE ID request: GNUTLS URL:http://www.openwall.com/lists/oss-security/2008/05/20/3 OVAL:oval:org.mitre.oval:def:9519 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519 REDHAT:RHSA-2008:0489 URL:http://www.redhat.com/support/errata/RHSA-2008-0489.html REDHAT:RHSA-2008:0492 URL:http://www.redhat.com/support/errata/RHSA-2008-0492.html SECTRACK:1020058 URL:http://www.securitytracker.com/id?1020058 SECUNIA:30287 URL:http://secunia.com/advisories/30287 SECUNIA:30302 URL:http://secunia.com/advisories/30302 SECUNIA:30317 URL:http://secunia.com/advisories/30317 SECUNIA:30324 URL:http://secunia.com/advisories/30324 SECUNIA:30330 URL:http://secunia.com/advisories/30330 SECUNIA:30331 URL:http://secunia.com/advisories/30331 SECUNIA:30338 URL:http://secunia.com/advisories/30338 SECUNIA:30355 URL:http://secunia.com/advisories/30355 SECUNIA:31939 URL:http://secunia.com/advisories/31939 SREASON:3902 URL:http://securityreason.com/securityalert/3902 SUSE:SUSE-SA:2008:046 URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html UBUNTU:USN-613-1 URL:http://www.ubuntu.com/usn/usn-613-1 VUPEN:ADV-2008-1582 URL:http://www.vupen.com/english/advisories/2008/1582/references VUPEN:ADV-2008-1583 URL:http://www.vupen.com/english/advisories/2008/1583/references XF:gnutls-gnutlsrecvclientkxmessage-bo(42530) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42530
Assigning CNA
Red Hat, Inc.
Date Record Created
20080424	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080424)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)