CVE Database


Impact: Critical
Public: 2008-05-19
Bugzilla: 447461: CVE-2008-1948 GNUTLS-SA-2008-1-1 GnuTLS buffer overflow


The MITRE CVE dictionary describes this issue as:

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Find out more about CVE-2008-1948 from the MITRE CVE dictionary and NIST NVD.
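The MITRE text above pins the bug to two places: the count of Server Names derived from the SNI extension in a ClientHello, and the later packing of that count into session-resumption data. The following is an added example, not GnuTLS code and not the code that was patched in 2.2.4; it shows how a defensive parser for the server_name extension derives the count from lengths it has already bounds-checked, treats a zero-length ServerNameList as "no names" rather than a name, caps the count at the size of the array it fills, and re-checks that cap before serialising. The structure names, the limits MAX_SERVER_NAME_EXTENSIONS and MAX_SERVER_NAME_SIZE, and the pack format are all assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed limits for this example; GnuTLS has its own fixed-size array. */
#define MAX_SERVER_NAME_EXTENSIONS 3
#define MAX_SERVER_NAME_SIZE       255

typedef struct {
    uint8_t name_type;                    /* 0 = host_name */
    uint8_t name[MAX_SERVER_NAME_SIZE];
    size_t  name_length;
} server_name_t;

typedef struct {
    server_name_t names[MAX_SERVER_NAME_EXTENSIONS];
    unsigned      count;                  /* number of valid entries in names[] */
} sni_params_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the extension_data of a server_name extension:
 *   uint16 list_length, then entries of { uint8 name_type, uint16 name_length, bytes }.
 * Returns the number of names parsed (>= 0) or a negative error code.
 * Every length is checked against the bytes actually present before it is used,
 * and the count can never exceed the array it indexes. */
int sni_parse(const uint8_t *data, size_t data_size, sni_params_t *out)
{
    memset(out, 0, sizeof *out);
    if (data_size < 2)
        return -1;                        /* no list_length field at all */
    size_t list_len = rd16(data);
    if (list_len != data_size - 2)
        return -2;                        /* list_length must cover the rest exactly */
    if (list_len == 0)
        return 0;                         /* empty list: zero names, count stays 0 */

    size_t pos = 2;
    while (pos < data_size) {
        if (data_size - pos < 3)
            return -3;                    /* truncated entry header */
        uint8_t type = data[pos];
        size_t name_len = rd16(data + pos + 1);
        pos += 3;
        if (name_len > data_size - pos)
            return -4;                    /* name would run past the extension */
        if (name_len == 0 || name_len > MAX_SERVER_NAME_SIZE)
            return -5;                    /* empty or oversized name */
        if (out->count >= MAX_SERVER_NAME_EXTENSIONS)
            return -6;                    /* more names than slots: refuse, do not overrun */
        server_name_t *sn = &out->names[out->count];
        sn->name_type = type;
        sn->name_length = name_len;
        memcpy(sn->name, data + pos, name_len);
        pos += name_len;
        out->count++;
    }
    return (int)out->count;
}

/* Serialise parsed names into a resumption-style blob (assumed layout):
 *   uint16 count, then per name { uint8 type, uint16 len, bytes }.
 * Never writes past 'cap'. Returns bytes written or -1. */
int sni_pack(const sni_params_t *in, uint8_t *buf, size_t cap)
{
    size_t pos = 0;
    if (in->count > MAX_SERVER_NAME_EXTENSIONS)
        return -1;                        /* re-check the count even though we produced it */
    if (cap < 2)
        return -1;
    buf[pos++] = (uint8_t)(in->count >> 8);
    buf[pos++] = (uint8_t)(in->count & 0xff);
    for (unsigned i = 0; i < in->count; i++) {
        const server_name_t *sn = &in->names[i];
        if (cap - pos < 3 + sn->name_length)
            return -1;                    /* output buffer too small for this entry */
        buf[pos++] = sn->name_type;
        buf[pos++] = (uint8_t)(sn->name_length >> 8);
        buf[pos++] = (uint8_t)(sn->name_length & 0xff);
        memcpy(buf + pos, sn->name, sn->name_length);
        pos += sn->name_length;
    }
    return (int)pos;
}
```

The two properties worth checking in any SNI parser are visible here: a zero-length list returns before any entry is touched, and the count that later drives a copy loop is bounded by the array size at the point it is incremented, so the packing stage cannot be handed a number larger than the storage behind it.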

Red Hat security errata

Platform                                     Errata          Release Date
Red Hat Enterprise Linux version 4 (gnutls)  RHSA-2008:0492  May 20, 2008
Red Hat Enterprise Linux version 5 (gnutls)  RHSA-2008:0489  May 20, 2008

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.