CVE-2008-1948 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2008-1948

CVE-2008-1948

May 21, 2008

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Related Resources (40)

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html

http://secunia.com/advisories/30355

http://www.securityfocus.com/archive/1/492282/100/0/threaded

http://secunia.com/advisories/30324

http://www.securityfocus.com/bid/29292

http://www.securitytracker.com/id?1020057

http://www.vupen.com/english/advisories/2008/1582/references

http://secunia.com/advisories/30338

http://secunia.com/advisories/30330

http://secunia.com/advisories/30302

http://www.kb.cert.org/vuls/id/111034

http://www.vupen.com/english/advisories/2008/1583/references

http://www.openwall.com/lists/oss-security/2008/05/20/3

http://www.openwall.com/lists/oss-security/2008/05/20/1

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html

http://secunia.com/advisories/30287

http://www.openwall.com/lists/oss-security/2008/05/20/2

http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

http://securityreason.com/securityalert/3902

http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935

http://www.redhat.com/support/errata/RHSA-2008-0489.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:106

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html

http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

http://secunia.com/advisories/30331

http://security.gentoo.org/glsa/glsa-200805-20.xml

http://secunia.com/advisories/31939

http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

http://www.debian.org/security/2008/dsa-1581

http://www.redhat.com/support/errata/RHSA-2008-0492.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

http://www.securityfocus.com/archive/1/492464/100/0/threaded

http://www.ubuntu.com/usn/usn-613-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/42532

http://secunia.com/advisories/30317

https://issues.rpath.com/browse/RPL-2552

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html

Do you need more information?

CVSS v4

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

10

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

EPSS

Base Score:

19.90