mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-21 04:46:48 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2008-1949
Description
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
POC
Reference
- http://securityreason.com/securityalert/3902
- http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519
Github
No PoCs found on GitHub currently.