CVE-2008-1950
Published: 21 May 2008
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gnutls12 Launchpad, Ubuntu, Debian |
dapper |
Released
(1.2.9-2ubuntu1.2)
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gnutls13 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Released
(1.4.4-3ubuntu0.1)
|
|
| gutsy |
Released
(1.6.3-1ubuntu0.1)
|
|
| hardy |
Released
(2.0.4-1ubuntu2.1)
|
|
| upstream |
Needs triage
|
|
|
gnutls26 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Released
(2.2.5)
|