10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.084 Low
EPSS
Percentile
94.5%
GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, 1.1 and 1.2.
Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS:
Unauthenticated remote attackers could exploit these vulnerabilities to cause Denial of Service conditions in daemons using GnuTLS. The first vulnerability (CVE-2008-1948) might allow for the execution of arbitrary code with the privileges of the daemon handling incoming TLS connections.
There is no known workaround at this time.
All GnuTLS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.2.5"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-libs/gnutls | <Β 2.2.5 | UNKNOWN |