CVE-2008-1950

Impact: Important
Public Date: 2008-05-19
Bugzilla: 447463: CVE-2008-1950 GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw

The MITRE CVE dictionary describes this issue as:

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Find out more about CVE-2008-1950 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform                              Errata          Release Date
Red Hat Enterprise Linux 5 (gnutls)   RHSA-2008:0489  2008-05-20
Red Hat Enterprise Linux 4 (gnutls)   RHSA-2008:0492  2008-05-20
