CVE-2008-1948Gnutls vulnerability

CWE-1896 documents6 sources
Severity
10.0CRITICALNVD
EPSS
19.9%
top 4.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Gnutls
Timeline
PublishedMay 21
Latest updateMay 1

Description

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDgnu/gnutls105 versions+104

Patches

Patch: www.openwall.comPatch: www.securityfocus.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-pc6g-9pg3-9q52: The _gnutls_server_name_recv_params function in lib/ext_server_name2022-05-01
CVEList
CVE-2008-1948: The _gnutls_server_name_recv_params function in lib/ext_server_name2008-05-21

📋Vendor Advisories

2
Ubuntu
GnuTLS vulnerabilities2008-05-21
Red Hat
GNUTLS-SA-2008-1-1 GnuTLS buffer overflow2008-05-19

💬Community

1
Bugzilla
CVE-2008-1948 GNUTLS-SA-2008-1-1 GnuTLS buffer overflow2008-05-19
CVE-2008-1948 — GNU Gnutls vulnerability | cvebase