PublicDate: 2008-08-08 19:41:00 UTC
Candidate: CVE-2008-2377
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2377
Description:
 Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear
 function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through
 2.4.0 allows remote attackers to cause a denial of service (crash) or
 possibly execute arbitrary code via TLS transmission of data that is
 improperly used when the peer calls gnutls_handshake within a normal
 session, leading to attempted access to a deallocated libgcrypt handle.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_gnutls26:
upstream_gnutls26: released (2.4.1)
dapper_gnutls26: DNE
feisty_gnutls26: DNE
gutsy_gnutls26: DNE
hardy_gnutls26: DNE
devel_gnutls26: not-affected

Patches_gnutls12:
upstream_gnutls12: released (2.4.1)
dapper_gnutls12: not-affected
feisty_gnutls12: DNE
gutsy_gnutls12: DNE
hardy_gnutls12: DNE
devel_gnutls12: DNE

Patches_gnutls13:
upstream_gnutls13: released (2.4.1)
dapper_gnutls13: DNE
feisty_gnutls13: not-affected
gutsy_gnutls13: not-affected
hardy_gnutls13: not-affected
devel_gnutls13: not-affected