Search Results (Refine Search)
- CPE Product Version: cpe:/a:gnu:gnutls:2.1.5
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-1949 |
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. Published: May 21, 2008; 9:24:00 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1950 |
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. Published: May 21, 2008; 9:24:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |