Vulnerability-Lookup

CVE-2008-1950 (GCVE-0-2008-1950)

Vulnerability from cvelistv5 – Published: 2008-05-21 10:00 – Updated: 2024-08-07 08:41

Summary

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/30331	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31939	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-613-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2008-04…	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2008/05/20/1	mailing-listx_refsource_MLIST
	http://security.gentoo.org/glsa/glsa-200805-20.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/30355	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30317	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/492282/100…	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2008-04…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/492464/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.gnu.org/archive/html/gnutls-devel/20…	mailing-listx_refsource_MLIST
	http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
	http://secunia.com/advisories/30324	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30302	third-party-advisoryx_refsource_SECUNIA
	http://lists.gnu.org/archive/html/gnutls-devel/20…	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2008/1583…	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/29292	vdb-entryx_refsource_BID
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/30330	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1020059	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/1582…	vdb-entryx_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2008/05/20/3	mailing-listx_refsource_MLIST
	http://www.kb.cert.org/vuls/id/659209	third-party-advisoryx_refsource_CERT-VN
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174	x_refsource_CONFIRM
	http://secunia.com/advisories/30338	third-party-advisoryx_refsource_SECUNIA
	http://lists.gnu.org/archive/html/gnutls-devel/20…	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2008/dsa-1581	vendor-advisoryx_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2008/05/20/2	mailing-listx_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://securityreason.com/securityalert/3902	third-party-advisoryx_refsource_SREASON
	https://issues.rpath.com/browse/RPL-2552	x_refsource_CONFIRM
	http://secunia.com/advisories/30287	third-party-advisoryx_refsource_SECUNIA
	http://git.savannah.gnu.org/gitweb/?p=gnutls.git%…	x_refsource_CONFIRM
	http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:41:00.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30331",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30331"
          },
          {
            "name": "31939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31939"
          },
          {
            "name": "USN-613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-613-1"
          },
          {
            "name": "SUSE-SA:2008:046",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
          },
          {
            "name": "RHSA-2008:0492",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
          },
          {
            "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
          },
          {
            "name": "GLSA-200805-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
          },
          {
            "name": "30355",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30355"
          },
          {
            "name": "30317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30317"
          },
          {
            "name": "20080520 Vulnerability Advisory on GnuTLS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
          },
          {
            "name": "RHSA-2008:0489",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
          },
          {
            "name": "20080522 rPSA-2008-0174-1 gnutls",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
          },
          {
            "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
          },
          {
            "name": "30324",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30324"
          },
          {
            "name": "30302",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30302"
          },
          {
            "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
          },
          {
            "name": "ADV-2008-1583",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1583/references"
          },
          {
            "name": "29292",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29292"
          },
          {
            "name": "FEDORA-2008-4274",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
          },
          {
            "name": "30330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30330"
          },
          {
            "name": "1020059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020059"
          },
          {
            "name": "ADV-2008-1582",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1582/references"
          },
          {
            "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
          },
          {
            "name": "VU#659209",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/659209"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
          },
          {
            "name": "30338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30338"
          },
          {
            "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
          },
          {
            "name": "DSA-1581",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1581"
          },
          {
            "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
          },
          {
            "name": "gnutls-gnutlsciphertext2compressed-bo(42533)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
          },
          {
            "name": "FEDORA-2008-4259",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
          },
          {
            "name": "3902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3902"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2552"
          },
          {
            "name": "30287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
          },
          {
            "name": "FEDORA-2008-4183",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11393",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
          },
          {
            "name": "MDVSA-2008:106",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "30331",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30331"
        },
        {
          "name": "31939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31939"
        },
        {
          "name": "USN-613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-613-1"
        },
        {
          "name": "SUSE-SA:2008:046",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
        },
        {
          "name": "RHSA-2008:0492",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
        },
        {
          "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
        },
        {
          "name": "GLSA-200805-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
        },
        {
          "name": "30355",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30355"
        },
        {
          "name": "30317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30317"
        },
        {
          "name": "20080520 Vulnerability Advisory on GnuTLS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
        },
        {
          "name": "RHSA-2008:0489",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
        },
        {
          "name": "20080522 rPSA-2008-0174-1 gnutls",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
        },
        {
          "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
        },
        {
          "name": "30324",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30324"
        },
        {
          "name": "30302",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30302"
        },
        {
          "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
        },
        {
          "name": "ADV-2008-1583",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1583/references"
        },
        {
          "name": "29292",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29292"
        },
        {
          "name": "FEDORA-2008-4274",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
        },
        {
          "name": "30330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30330"
        },
        {
          "name": "1020059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020059"
        },
        {
          "name": "ADV-2008-1582",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1582/references"
        },
        {
          "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
        },
        {
          "name": "VU#659209",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/659209"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
        },
        {
          "name": "30338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30338"
        },
        {
          "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
        },
        {
          "name": "DSA-1581",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1581"
        },
        {
          "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
        },
        {
          "name": "gnutls-gnutlsciphertext2compressed-bo(42533)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
        },
        {
          "name": "FEDORA-2008-4259",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
        },
        {
          "name": "3902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3902"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2552"
        },
        {
          "name": "30287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
        },
        {
          "name": "FEDORA-2008-4183",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11393",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
        },
        {
          "name": "MDVSA-2008:106",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-1950",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30331",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30331"
            },
            {
              "name": "31939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31939"
            },
            {
              "name": "USN-613-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-613-1"
            },
            {
              "name": "SUSE-SA:2008:046",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
            },
            {
              "name": "RHSA-2008:0492",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
            },
            {
              "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
            },
            {
              "name": "GLSA-200805-20",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
            },
            {
              "name": "30355",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30355"
            },
            {
              "name": "30317",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30317"
            },
            {
              "name": "20080520 Vulnerability Advisory on GnuTLS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
            },
            {
              "name": "RHSA-2008:0489",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
            },
            {
              "name": "20080522 rPSA-2008-0174-1 gnutls",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
            },
            {
              "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
            },
            {
              "name": "30324",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30324"
            },
            {
              "name": "30302",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30302"
            },
            {
              "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
            },
            {
              "name": "ADV-2008-1583",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1583/references"
            },
            {
              "name": "29292",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29292"
            },
            {
              "name": "FEDORA-2008-4274",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
            },
            {
              "name": "30330",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30330"
            },
            {
              "name": "1020059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020059"
            },
            {
              "name": "ADV-2008-1582",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1582/references"
            },
            {
              "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
            },
            {
              "name": "VU#659209",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/659209"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
            },
            {
              "name": "30338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30338"
            },
            {
              "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
            },
            {
              "name": "DSA-1581",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1581"
            },
            {
              "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
            },
            {
              "name": "gnutls-gnutlsciphertext2compressed-bo(42533)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
            },
            {
              "name": "FEDORA-2008-4259",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
            },
            {
              "name": "3902",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3902"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2552",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2552"
            },
            {
              "name": "30287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30287"
            },
            {
              "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
            },
            {
              "name": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
              "refsource": "MISC",
              "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
            },
            {
              "name": "FEDORA-2008-4183",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11393",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
            },
            {
              "name": "MDVSA-2008:106",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-1950",
    "datePublished": "2008-05-21T10:00:00.000Z",
    "dateReserved": "2008-04-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:41:00.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-1950

Vulnerability from fkie_nvd - Published: 2008-05-21 13:24 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
secalert@redhat.com	http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html	Patch
secalert@redhat.com	http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
secalert@redhat.com	http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
secalert@redhat.com	http://secunia.com/advisories/30287
secalert@redhat.com	http://secunia.com/advisories/30302
secalert@redhat.com	http://secunia.com/advisories/30317
secalert@redhat.com	http://secunia.com/advisories/30324
secalert@redhat.com	http://secunia.com/advisories/30330
secalert@redhat.com	http://secunia.com/advisories/30331
secalert@redhat.com	http://secunia.com/advisories/30338
secalert@redhat.com	http://secunia.com/advisories/30355
secalert@redhat.com	http://secunia.com/advisories/31939
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200805-20.xml
secalert@redhat.com	http://securityreason.com/securityalert/3902
secalert@redhat.com	http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
secalert@redhat.com	http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1581
secalert@redhat.com	http://www.kb.cert.org/vuls/id/659209	US Government Resource
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/05/20/1
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/05/20/2	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/05/20/3
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0489.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0492.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/492282/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/492464/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/29292
secalert@redhat.com	http://www.securitytracker.com/id?1020059
secalert@redhat.com	http://www.ubuntu.com/usn/usn-613-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1582/references
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1583/references
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
secalert@redhat.com	https://issues.rpath.com/browse/RPL-2552
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
af854a3a-2127-422b-91ae-364da2661108	http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30287
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30302
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30317
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30324
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30330
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30331
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30338
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30355
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31939
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200805-20.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3902
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1581
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/659209	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/05/20/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/05/20/2	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/05/20/3
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0489.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0492.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492282/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492464/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29292
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020059
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-613-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1582/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1583/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2552
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html

Impacted products

Vendor	Product	Version
gnu	gnutls	1.0.18
gnu	gnutls	1.0.19
gnu	gnutls	1.0.20
gnu	gnutls	1.0.21
gnu	gnutls	1.0.22
gnu	gnutls	1.0.23
gnu	gnutls	1.0.24
gnu	gnutls	1.0.25
gnu	gnutls	1.1.13
gnu	gnutls	1.1.14
gnu	gnutls	1.1.15
gnu	gnutls	1.1.16
gnu	gnutls	1.1.17
gnu	gnutls	1.1.18
gnu	gnutls	1.1.19
gnu	gnutls	1.1.20
gnu	gnutls	1.1.21
gnu	gnutls	1.1.22
gnu	gnutls	1.1.23
gnu	gnutls	1.2.0
gnu	gnutls	1.2.1
gnu	gnutls	1.2.2
gnu	gnutls	1.2.3
gnu	gnutls	1.2.4
gnu	gnutls	1.2.5
gnu	gnutls	1.2.6
gnu	gnutls	1.2.7
gnu	gnutls	1.2.8
gnu	gnutls	1.2.9
gnu	gnutls	1.2.10
gnu	gnutls	1.2.11
gnu	gnutls	1.3.0
gnu	gnutls	1.3.1
gnu	gnutls	1.3.2
gnu	gnutls	1.3.3
gnu	gnutls	1.3.4
gnu	gnutls	1.3.5
gnu	gnutls	1.4.0
gnu	gnutls	1.4.1
gnu	gnutls	1.4.2
gnu	gnutls	1.4.3
gnu	gnutls	1.4.4
gnu	gnutls	1.4.5
gnu	gnutls	1.5.0
gnu	gnutls	1.5.1
gnu	gnutls	1.5.2
gnu	gnutls	1.5.3
gnu	gnutls	1.5.4
gnu	gnutls	1.5.5
gnu	gnutls	1.6.0
gnu	gnutls	1.6.1
gnu	gnutls	1.6.2
gnu	gnutls	1.6.3
gnu	gnutls	1.7.0
gnu	gnutls	1.7.1
gnu	gnutls	1.7.2
gnu	gnutls	1.7.3
gnu	gnutls	1.7.4
gnu	gnutls	1.7.5
gnu	gnutls	1.7.6
gnu	gnutls	1.7.7
gnu	gnutls	1.7.8
gnu	gnutls	1.7.9
gnu	gnutls	1.7.10
gnu	gnutls	1.7.11
gnu	gnutls	1.7.12
gnu	gnutls	1.7.13
gnu	gnutls	1.7.14
gnu	gnutls	1.7.15
gnu	gnutls	1.7.16
gnu	gnutls	1.7.17
gnu	gnutls	1.7.18
gnu	gnutls	1.7.19
gnu	gnutls	2.0.0
gnu	gnutls	2.0.1
gnu	gnutls	2.0.2
gnu	gnutls	2.0.3
gnu	gnutls	2.0.4
gnu	gnutls	2.1.0
gnu	gnutls	2.1.1
gnu	gnutls	2.1.2
gnu	gnutls	2.1.3
gnu	gnutls	2.1.4
gnu	gnutls	2.1.5
gnu	gnutls	2.1.6
gnu	gnutls	2.1.7
gnu	gnutls	2.1.8
gnu	gnutls	2.2.0
gnu	gnutls	2.2.1
gnu	gnutls	2.2.2
gnu	gnutls	2.2.3
gnu	gnutls	2.2.4
gnu	gnutls	2.2.5
gnu	gnutls	2.3.0
gnu	gnutls	2.3.1
gnu	gnutls	2.3.2
gnu	gnutls	2.3.3
gnu	gnutls	2.3.4
gnu	gnutls	2.3.5
gnu	gnutls	2.3.6
gnu	gnutls	2.3.7
gnu	gnutls	2.3.8
gnu	gnutls	2.3.9
gnu	gnutls	2.3.10
gnu	gnutls	2.3.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C70F69-FB80-4F32-A798-71A5153E6C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3."
    },
    {
      "lang": "es",
      "value": "Error en signo de entero de la funci\u00f3n the _gnutls_ciphertext2compressed en lib/gnutls_cipher.c de libgnutls en GnuTLS versiones anteriores a la 2.2.4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sobre-lectura de b\u00fafer y ca\u00edda) a trav\u00e9s de determinados valores de entero en el campo Random de un mensaje Client Hello encriptado dentro de un registro TLS con una longitud de registro no v\u00e1lida, lo cual conlleva una longitud de relleno de cifra no v\u00e1lido, tambi\u00e9n conocido como GNUTLS-SA-2008-1-3."
    }
  ],
  "evaluatorSolution": "The vendor has released a statement regarding this issue:\r\n\r\nhttp://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html",
  "id": "CVE-2008-1950",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-21T13:24:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30287"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30302"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30324"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30330"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30331"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30338"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30355"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31939"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/3902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1581"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659209"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/29292"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1020059"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-613-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1582/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1583/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2552"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-613-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1582/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1583/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-262

Vulnerability from certfr_avis - Published: 2008-05-22 - Updated: 2008-09-18

De multiples vulnérabilités ont été découvertes dans GnuTLS et permettent à une personne malveillante d'effectuer un déni de service ou une exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités de GnuTLS permettent à une personne malveillante d'effectuer un déni de service ou une exécution de code à distance. Ces vulnérabilités peuvent être exploitées via :

des messages Client Hello dans des packets TLS spécialement conçus ;
des données TLS chiffrées spécialement conçues exploitant une erreur dans la fonction _gnutls_ciphertext2compressed().

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
GnuTLS	N/A	FileZilla 3.x.
GnuTLS	N/A	GnuTLS 2.x ;
GnuTLS	N/A	FileZilla 2.x ;
GnuTLS	N/A	GnuTLS 1.x ;

References

Title

Publication Time

Tags

Note de version GnuTLS du 19 mai 2008	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0489 du 20 mai 2008 :	-	other
Bulletin de sécurité RedHat RHSA-2008:0492 du 20 mai 2008 :	-	other
Bulletin de sécurité Gentoo GLSA-200805-20 du 21 mai 2008 :	-	other
Note de version GnuTLS 2.2.5 du 19 mai 2008 :	-	other
Bulletin de sécurité Ubuntu USN-613-1 du 21 mai 2008 :	-	other
Note de version FileZilla 3.010 du 20 mai 2008 :	-	other
Bulletin de sécurité Debian DSA-1581 du 20 mai 2008 :	-	other
Site de téléchargement du projet FileZilla :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FileZilla 3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GnuTLS",
          "scada": false
        }
      }
    },
    {
      "description": "GnuTLS 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GnuTLS",
          "scada": false
        }
      }
    },
    {
      "description": "FileZilla 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GnuTLS",
          "scada": false
        }
      }
    },
    {
      "description": "GnuTLS 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GnuTLS",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de GnuTLS permettent \u00e0 une personne\nmalveillante d\u0027effectuer un d\u00e9ni de service ou une ex\u00e9cution de code \u00e0\ndistance. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es via :\n\n-   des messages Client Hello dans des packets TLS sp\u00e9cialement con\u00e7us ;\n-   des donn\u00e9es TLS chiffr\u00e9es sp\u00e9cialement con\u00e7ues exploitant une erreur\n    dans la fonction \\_gnutls_ciphertext2compressed().\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1948"
    },
    {
      "name": "CVE-2008-1949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1949"
    },
    {
      "name": "CVE-2008-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1950"
    }
  ],
  "initial_release_date": "2008-05-22T00:00:00",
  "last_revision_date": "2008-09-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0489 du 20 mai 2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0489.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0492 du 20 mai 2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0492.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200805-20 du 21 mai 2008 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-20.xml"
    },
    {
      "title": "Note de version GnuTLS 2.2.5 du 19 mai 2008 :",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-613-1 du 21 mai 2008 :",
      "url": "http://www.ubuntu.com/usn/usn-613-1"
    },
    {
      "title": "Note de version FileZilla 3.010 du 20 mai 2008 :",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=600646"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1581 du 20 mai 2008 :",
      "url": "http://www.debian.org/security/2008/dsa-1581"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement du projet FileZilla :",
      "url": "http://sourceforge.net/project/showfiles.php.group_id=21558"
    }
  ],
  "reference": "CERTA-2008-AVI-262",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-22T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, RedHat, Debian et Ubuntu.",
      "revision_date": "2008-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGnuTLS\u003c/span\u003e et permettent \u00e0 une personne malveillante\nd\u0027effectuer un d\u00e9ni de service ou une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans GnuTLS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de version GnuTLS du 19 mai 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-295

Vulnerability from certfr_avis - Published: 2008-06-09 - Updated: 2008-06-09

De multiples vulnérabilités dans VLC permettent de réaliser un déni de service ou d'exécuter du code arbitraire à distance.

Description

VLC intègre des versions vulnérables de GnuTLS, de libgcrypt (CVE-2008-1948, CVE-2008-1949 et CVE-2008-1950) et de libxml2 (CVE-2007-6284) pour Windows et Mac OS X.

L'exploitation de ces vulnérabilités (traitées par les avis CERTA-2008-AVI-022 et CERTA-2008-AVI-262) permet de réaliser un déni de service ou d'exécuter du code arbitraire à distance.

Solution

Mettre à jour VLC en version 0.8.6h.

VLC versions 0.8.6g et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Notes de version VLC 0.8.6h	None	vendor-advisory
Téléchargement de VLC :	-	other
Avis CERTA-2008-AVI-022 :	-	other
Avis CERTA-2008-AVI-262 :	-	other
Notes de changement de version VLC 0.8.6h :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eVLC\u003c/SPAN\u003e versions 0.8.6g et  ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nVLC int\u00e8gre des versions vuln\u00e9rables de GnuTLS, de libgcrypt\n(CVE-2008-1948, CVE-2008-1949 et CVE-2008-1950) et de libxml2\n(CVE-2007-6284) pour Windows et Mac OS X.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s (trait\u00e9es par les avis\nCERTA-2008-AVI-022 et CERTA-2008-AVI-262) permet de r\u00e9aliser un d\u00e9ni de\nservice ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre \u00e0 jour VLC en version 0.8.6h.\n",
  "cves": [
    {
      "name": "CVE-2007-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
    },
    {
      "name": "CVE-2008-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1948"
    },
    {
      "name": "CVE-2008-1949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1949"
    },
    {
      "name": "CVE-2008-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1950"
    }
  ],
  "initial_release_date": "2008-06-09T00:00:00",
  "last_revision_date": "2008-06-09T00:00:00",
  "links": [
    {
      "title": "T\u00e9l\u00e9chargement de VLC :",
      "url": "http://www.videolan.org/vlc/"
    },
    {
      "title": "Avis CERTA-2008-AVI-022 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-022/"
    },
    {
      "title": "Avis CERTA-2008-AVI-262 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-262/"
    },
    {
      "title": "Notes de changement de version VLC 0.8.6h :",
      "url": "http://wiki.videolan.org/Changelog/0.8.6h"
    }
  ],
  "reference": "CERTA-2008-AVI-295",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eVLC\u003c/span\u003e\npermettent de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VLC",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version VLC 0.8.6h",
      "url": null
    }
  ]
}

GHSA-4QV6-G5FW-F876

Vulnerability from github – Published: 2022-05-01 23:45 – Updated: 2025-04-09 03:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1950"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-21T13:24:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.",
  "id": "GHSA-4qv6-g5fw-f876",
  "modified": "2025-04-09T03:54:48Z",
  "published": "2022-05-01T23:45:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1950"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2552"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
    },
    {
      "type": "WEB",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
    },
    {
      "type": "WEB",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30287"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30302"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30317"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30324"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30330"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30331"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30338"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30355"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31939"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3902"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1581"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/659209"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29292"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020059"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-613-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1582/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1583/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-1950

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1950

Aliases

CVE-2008-1950

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1950",
    "description": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.",
    "id": "GSD-2008-1950",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-1950.html",
      "https://www.debian.org/security/2008/dsa-1581",
      "https://access.redhat.com/errata/RHSA-2008:0492",
      "https://access.redhat.com/errata/RHSA-2008:0489",
      "https://linux.oracle.com/cve/CVE-2008-1950.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1950"
      ],
      "details": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.",
      "id": "GSD-2008-1950",
      "modified": "2023-12-13T01:23:02.759494Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-1950",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "30331",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30331"
          },
          {
            "name": "31939",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31939"
          },
          {
            "name": "USN-613-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-613-1"
          },
          {
            "name": "SUSE-SA:2008:046",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
          },
          {
            "name": "RHSA-2008:0492",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
          },
          {
            "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
          },
          {
            "name": "GLSA-200805-20",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
          },
          {
            "name": "30355",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30355"
          },
          {
            "name": "30317",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30317"
          },
          {
            "name": "20080520 Vulnerability Advisory on GnuTLS",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
          },
          {
            "name": "RHSA-2008:0489",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
          },
          {
            "name": "20080522 rPSA-2008-0174-1 gnutls",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
          },
          {
            "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
            "refsource": "MLIST",
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
          },
          {
            "name": "30324",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30324"
          },
          {
            "name": "30302",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30302"
          },
          {
            "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
            "refsource": "MLIST",
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
          },
          {
            "name": "ADV-2008-1583",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1583/references"
          },
          {
            "name": "29292",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29292"
          },
          {
            "name": "FEDORA-2008-4274",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
          },
          {
            "name": "30330",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30330"
          },
          {
            "name": "1020059",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020059"
          },
          {
            "name": "ADV-2008-1582",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1582/references"
          },
          {
            "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
          },
          {
            "name": "VU#659209",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/659209"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
          },
          {
            "name": "30338",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30338"
          },
          {
            "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
            "refsource": "MLIST",
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
          },
          {
            "name": "DSA-1581",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1581"
          },
          {
            "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
          },
          {
            "name": "gnutls-gnutlsciphertext2compressed-bo(42533)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
          },
          {
            "name": "FEDORA-2008-4259",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
          },
          {
            "name": "3902",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3902"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-2552",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-2552"
          },
          {
            "name": "30287",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30287"
          },
          {
            "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
            "refsource": "CONFIRM",
            "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
          },
          {
            "name": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
            "refsource": "MISC",
            "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
          },
          {
            "name": "FEDORA-2008-4183",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11393",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
          },
          {
            "name": "MDVSA-2008:106",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-1950"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html"
            },
            {
              "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"
            },
            {
              "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html"
            },
            {
              "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1"
            },
            {
              "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2"
            },
            {
              "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3"
            },
            {
              "name": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html"
            },
            {
              "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b"
            },
            {
              "name": "RHSA-2008:0489",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html"
            },
            {
              "name": "RHSA-2008:0492",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html"
            },
            {
              "name": "29292",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29292"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558"
            },
            {
              "name": "DSA-1581",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1581"
            },
            {
              "name": "FEDORA-2008-4183",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html"
            },
            {
              "name": "FEDORA-2008-4259",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html"
            },
            {
              "name": "FEDORA-2008-4274",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html"
            },
            {
              "name": "GLSA-200805-20",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml"
            },
            {
              "name": "MDVSA-2008:106",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106"
            },
            {
              "name": "USN-613-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-613-1"
            },
            {
              "name": "1020059",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020059"
            },
            {
              "name": "30331",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30331"
            },
            {
              "name": "30338",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30338"
            },
            {
              "name": "30302",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30302"
            },
            {
              "name": "30317",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30317"
            },
            {
              "name": "30324",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30324"
            },
            {
              "name": "30287",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30287"
            },
            {
              "name": "30330",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30330"
            },
            {
              "name": "VU#659209",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/659209"
            },
            {
              "name": "31939",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31939"
            },
            {
              "name": "SUSE-SA:2008:046",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html"
            },
            {
              "name": "3902",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3902"
            },
            {
              "name": "30355",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30355"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2552",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-2552"
            },
            {
              "name": "ADV-2008-1583",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1583/references"
            },
            {
              "name": "ADV-2008-1582",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1582/references"
            },
            {
              "name": "gnutls-gnutlsciphertext2compressed-bo(42533)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533"
            },
            {
              "name": "oval:org.mitre.oval:def:11393",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393"
            },
            {
              "name": "20080522 rPSA-2008-0174-1 gnutls",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded"
            },
            {
              "name": "20080520 Vulnerability Advisory on GnuTLS",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:38Z",
      "publishedDate": "2008-05-21T13:24Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1950 (GCVE-0-2008-1950)

FKIE_CVE-2008-1950

CERTA-2008-AVI-262

Description

Solution

CERTA-2008-AVI-295

Description

Solution

GHSA-4QV6-G5FW-F876

GSD-2008-1950

Tags

Sightings

Nomenclature