Red Hat Customer Portal

CVE-2008-1949

Impact: Important
Public Date: 2008-05-19
CWE: CWE-476
Bugzilla: 447462: CVE-2008-1949 GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference

The MITRE CVE dictionary describes this issue as:

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

Find out more about CVE-2008-1949 from the MITRE CVE dictionary and NIST NVD.
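A defensive check for the condition described above, added here as an example (it is not GnuTLS or Red Hat code): it walks the handshake messages in one TLS record and counts Client Hello messages, so a monitor or test harness can flag a record carrying more than one. It assumes "TLS message" in the description means a single TLS record holding complete handshake messages; the function name and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_CT_HANDSHAKE    22 /* TLS record content type: handshake */
#define TLS_HS_CLIENT_HELLO 1  /* handshake message type: ClientHello */

/* Count ClientHello messages packed into one TLS record.
 * Returns the count, or -1 if the buffer is not exactly one
 * well-formed handshake record (bad type, truncation, overrun). */
int count_client_hellos(const uint8_t *rec, size_t len)
{
    if (len < 5 || rec[0] != TLS_CT_HANDSHAKE)
        return -1;
    size_t rec_len = ((size_t)rec[3] << 8) | rec[4];
    if (rec_len != len - 5)
        return -1;                  /* record length field disagrees with buffer */

    const uint8_t *p = rec + 5;
    size_t left = rec_len;
    int hellos = 0;
    while (left > 0) {
        if (left < 4)
            return -1;              /* truncated handshake header */
        size_t body = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
        if (body > left - 4)
            return -1;              /* handshake body overruns the record */
        if (p[0] == TLS_HS_CLIENT_HELLO)
            hellos++;
        p += 4 + body;
        left -= 4 + body;
    }
    return hellos;
}

/* Constructed samples: handshake headers with 2-byte dummy bodies,
 * not real ClientHello contents. */
static const uint8_t sample_single[] = {
    22, 3, 1, 0, 6,   1, 0, 0, 2, 0xAA, 0xBB };
static const uint8_t sample_double[] = {
    22, 3, 1, 0, 12,  1, 0, 0, 2, 0xAA, 0xBB,  1, 0, 0, 2, 0xCC, 0xDD };

int main(void)
{
    printf("single: %d\n", count_client_hellos(sample_single, sizeof sample_single));
    printf("double: %d (flag when > 1)\n",
           count_client_hellos(sample_double, sizeof sample_double));
    return 0;
}
```

Handshake messages fragmented across several records are outside what this check covers; it inspects one record at a time.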

Red Hat Security Errata

Platform                              Errata           Release Date
Red Hat Enterprise Linux 5 (gnutls)   RHSA-2008:0489   2008-05-20
Red Hat Enterprise Linux 4 (gnutls)   RHSA-2008:0492   2008-05-20
