mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-20 20:34:40 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2008-1948
Description
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
POC
Reference
- http://securityreason.com/securityalert/3902
- http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
Github
No PoCs found on GitHub currently.