CVE Database


Impact: Important
Public: 2008-05-19
Bugzilla: 447463: CVE-2008-1950 GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw


The MITRE CVE dictionary describes this issue as:

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Find out more about CVE-2008-1950 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

Platform                                       Errata            Release Date
Red Hat Enterprise Linux version 4 (gnutls)    RHSA-2008:0492    May 20, 2008
Red Hat Enterprise Linux version 5 (gnutls)    RHSA-2008:0489    May 20, 2008

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.