CVE-2011-4128
Published: 8 December 2011
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
Notes
Author | Note |
---|---|
jdstrand | According to upstream, this is client side only and requires clients to be written in a certain undocumented way. Upstream searched for this and found no clients to be vulnerable. |
Priority
Status
Package | Release | Status |
---|---|---|
gnutls13 Launchpad, Ubuntu, Debian |
hardy |
Released
(2.0.4-1ubuntu2.7)
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450 |
||
gnutls26 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(2.8.5-2ubuntu0.1)
|
|
maverick |
Released
(2.8.6-1ubuntu0.1)
|
|
natty |
Released
(2.8.6-1ubuntu2.1)
|
|
oneiric |
Released
(2.10.5-1ubuntu3.1)
|
|
upstream |
Released
(2.12.14)
|
|
Patches: upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450 |