- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200805-20 (GnuTLS: Execution of arbitrary code)
Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS:
'Client Hello' messages containing an invalid server name can lead to a buffer overflow when evaluating 'Security Parameters' (CVE-2008-1948).
Multiple 'Client Hello' messages can lead to a NULL pointer dereference (CVE-2008-1949).
A TLS handshake including an encrypted 'Client Hello' message and an invalid record length could lead to a buffer overread (CVE-2008-1950).
Impact :
Unauthenticated remote attackers could exploit these vulnerabilities to cause Denial of Service conditions in daemons using GnuTLS. The first vulnerability (CVE-2008-1948) might allow for the execution of arbitrary code with the privileges of the daemon handling incoming TLS connections.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top