Lucene search

[email protected]NVD:CVE-2008-1950

HistoryMay 21, 2008 - 1:24 p.m.

CVE-2008-1950

2008-05-2113:24:00

CWE-189

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.6%

JSON

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Affected configurations

NVD

Node

gnugnutlsMatch1.0.18

gnugnutlsMatch1.0.19

gnugnutlsMatch1.0.20

gnugnutlsMatch1.0.21

gnugnutlsMatch1.0.22

gnugnutlsMatch1.0.23

gnugnutlsMatch1.0.24

gnugnutlsMatch1.0.25

gnugnutlsMatch1.1.13

gnugnutlsMatch1.1.14

gnugnutlsMatch1.1.15

gnugnutlsMatch1.1.16

gnugnutlsMatch1.1.17

gnugnutlsMatch1.1.18

gnugnutlsMatch1.1.19

gnugnutlsMatch1.1.20

gnugnutlsMatch1.1.21

gnugnutlsMatch1.1.22

gnugnutlsMatch1.1.23

gnugnutlsMatch1.2.0

gnugnutlsMatch1.2.1

gnugnutlsMatch1.2.2

gnugnutlsMatch1.2.3

gnugnutlsMatch1.2.4

gnugnutlsMatch1.2.5

gnugnutlsMatch1.2.6

gnugnutlsMatch1.2.7

gnugnutlsMatch1.2.8

gnugnutlsMatch1.2.9

gnugnutlsMatch1.2.10

gnugnutlsMatch1.2.11

gnugnutlsMatch1.3.0

gnugnutlsMatch1.3.1

gnugnutlsMatch1.3.2

gnugnutlsMatch1.3.3

gnugnutlsMatch1.3.4

gnugnutlsMatch1.3.5

gnugnutlsMatch1.4.0

gnugnutlsMatch1.4.1

gnugnutlsMatch1.4.2

gnugnutlsMatch1.4.3

gnugnutlsMatch1.4.4

gnugnutlsMatch1.4.5

gnugnutlsMatch1.5.0

gnugnutlsMatch1.5.1

gnugnutlsMatch1.5.2

gnugnutlsMatch1.5.3

gnugnutlsMatch1.5.4

gnugnutlsMatch1.5.5

gnugnutlsMatch1.6.0

gnugnutlsMatch1.6.1

gnugnutlsMatch1.6.2

gnugnutlsMatch1.6.3

gnugnutlsMatch1.7.0

gnugnutlsMatch1.7.1

gnugnutlsMatch1.7.2

gnugnutlsMatch1.7.3

gnugnutlsMatch1.7.4

gnugnutlsMatch1.7.5

gnugnutlsMatch1.7.6

gnugnutlsMatch1.7.7

gnugnutlsMatch1.7.8

gnugnutlsMatch1.7.9

gnugnutlsMatch1.7.10

gnugnutlsMatch1.7.11

gnugnutlsMatch1.7.12

gnugnutlsMatch1.7.13

gnugnutlsMatch1.7.14

gnugnutlsMatch1.7.15

gnugnutlsMatch1.7.16

gnugnutlsMatch1.7.17

gnugnutlsMatch1.7.18

gnugnutlsMatch1.7.19

gnugnutlsMatch2.0.0

gnugnutlsMatch2.0.1

gnugnutlsMatch2.0.2

gnugnutlsMatch2.0.3

gnugnutlsMatch2.0.4

gnugnutlsMatch2.1.0

gnugnutlsMatch2.1.1

gnugnutlsMatch2.1.2

gnugnutlsMatch2.1.3

gnugnutlsMatch2.1.4

gnugnutlsMatch2.1.5

gnugnutlsMatch2.1.6

gnugnutlsMatch2.1.7

gnugnutlsMatch2.1.8

gnugnutlsMatch2.2.0

gnugnutlsMatch2.2.1

gnugnutlsMatch2.2.2

gnugnutlsMatch2.2.3

gnugnutlsMatch2.2.4

gnugnutlsMatch2.2.5

gnugnutlsMatch2.3.0

gnugnutlsMatch2.3.1

gnugnutlsMatch2.3.2

gnugnutlsMatch2.3.3

gnugnutlsMatch2.3.4

gnugnutlsMatch2.3.5

gnugnutlsMatch2.3.6

gnugnutlsMatch2.3.7

gnugnutlsMatch2.3.8

gnugnutlsMatch2.3.9

gnugnutlsMatch2.3.10

gnugnutlsMatch2.3.11

References

git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

secunia.com/advisories/30287

secunia.com/advisories/30302

secunia.com/advisories/30317

secunia.com/advisories/30324

secunia.com/advisories/30330

secunia.com/advisories/30331

secunia.com/advisories/30338

secunia.com/advisories/30355

secunia.com/advisories/31939

security.gentoo.org/glsa/glsa-200805-20.xml

securityreason.com/securityalert/3902

sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

www.cert.fi/haavoittuvuudet/advisory-gnutls.html

www.debian.org/security/2008/dsa-1581

www.kb.cert.org/vuls/id/659209

www.mandriva.com/security/advisories?name=MDVSA-2008:106

www.openwall.com/lists/oss-security/2008/05/20/1

www.openwall.com/lists/oss-security/2008/05/20/2

www.openwall.com/lists/oss-security/2008/05/20/3

www.redhat.com/support/errata/RHSA-2008-0489.html

www.redhat.com/support/errata/RHSA-2008-0492.html

www.securityfocus.com/archive/1/492282/100/0/threaded

www.securityfocus.com/archive/1/492464/100/0/threaded

www.securityfocus.com/bid/29292

www.securitytracker.com/id?1020059

www.ubuntu.com/usn/usn-613-1

www.vupen.com/english/advisories/2008/1582/references

www.vupen.com/english/advisories/2008/1583/references

exchange.xforce.ibmcloud.com/vulnerabilities/42533

issues.rpath.com/browse/RPL-2552

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393

www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.6%

JSON

Related for NVD:CVE-2008-1950

prion1 cve1 cert2 ubuntucve1 cvelist1 nessus21 openvas30 slackware1 ubuntu1 fedora4 oraclelinux2 centos2 redhat2 suse1 gentoo1 debian1 osv1 seebug1