CVE-2008-2377

CWE-119: Buffer Overflow | 4 documents | 4 sources
Severity: 7.6 HIGH
EPSS: 12.2% (top 6.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 8; latest update May 1

Description

Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0

Affected Packages (1 package)

NVD: gnu/gnutls, 6 versions (+5)

🔴 Vulnerability Details (2)

GHSA (2022-05-01): GHSA-9h4r-gpqc-r78x: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake
CVEList (2008-08-08): CVE-2008-2377: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake

📋 Vendor Advisories (1)

Red Hat: CVE-2008-2377: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake
CVE-2008-2377 (HIGH CVSS 7.6) | Use-after-free vulnerability in the | cvebase.io