CVE Database


Impact: Important
Public: 2008-05-19
Bugzilla: 447462: CVE-2008-1949 GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference


The MITRE CVE dictionary describes this issue as:

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.

Find out more about CVE-2008-1949 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux version 4 (gnutls) | RHSA-2008:0492 | May 20, 2008 |
| Red Hat Enterprise Linux version 5 (gnutls) | RHSA-2008:0489 | May 20, 2008 |

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.