mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 15:15:46 +02:00
0xMarcio
947 B
947 B
CVE-2008-1949
Description
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
POC
Reference
- http://securityreason.com/securityalert/3902
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519
Github
No PoCs found on GitHub currently.