CVE-2011-4128: Improper Restriction of Operations within the Bounds of a Memory Buffer in GnuTLS

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.4% (top 19.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 8
Latest update: May 14

Description

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: gnu/gnutls (22 versions)

Vulnerability Details (2)

GHSA: GHSA-frg2-36r7-7hpc: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session (2022-05-14)
CVEList: CVE-2011-4128: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session (2011-12-08)

Vendor Advisories (2)

Ubuntu: GnuTLS vulnerabilities (2012-04-05)
Red Hat: gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2) (2011-11-07)

Community (2)

Bugzilla: CVE-2011-4128 gnutls: possible DoS due to buffer overflow (GNUTLS-SA-2011-2) [fedora-all] (2011-11-10)
Bugzilla: CVE-2011-4128 gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2) (2011-11-09)
CVE-2011-4128 — GNU Gnutls vulnerability | cvebase