CVE-2008-1949
Published: 21 May 2008
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gnutls12 Launchpad, Ubuntu, Debian |
dapper |
Released
(1.2.9-2ubuntu1.2)
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gnutls13 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Released
(1.4.4-3ubuntu0.1)
|
|
| gutsy |
Released
(1.6.3-1ubuntu0.1)
|
|
| hardy |
Released
(2.0.4-1ubuntu2.1)
|
|
| upstream |
Needs triage
|
|
|
gnutls26 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Released
(2.2.5)
|