FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- "gnutls_handshake()" Denial of Service

Affected packages
2.3.5 <= gnutls < 2.4.1

Details

VuXML ID d864a0a7-6f27-11dd-acfe-00104b9e1a4a
Discovery 2008-08-15
Entry 2008-08-21

Secunia reports:

A vulnerability has been reported in GnuTLS, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a use-after-free error when an application calls "gnutls_handshake()" for an already valid session and can potentially be exploited, e.g. during re-handshakes.

References

CVE Name CVE-2008-2377
URL http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947
URL http://secunia.com/advisories/31505/