CVE-2008-1950 : Detail

9.05%V3
Network
2008-05-21 08h00 +00:00
2018-10-11 17h57 +00:00

CVE Descriptions

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

CVE Information

Related Weaknesses

CWE-ID | Weakness Name | Source
CWE-189 | Category : Numeric Errors. Weaknesses in this category are related to improper calculation or conversion of numbers. |

Metrics

Metrics | Score | Severity | CVSS Vector | Source
V2 | 5 | | AV:N/AC:L/Au:N/C:N/I:N/A:P | [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.

Products Mentioned

Configuration 0

Gnu>>Gnutls >> Version 1.0.18

Gnu>>Gnutls >> Version 1.0.19

Gnu>>Gnutls >> Version 1.0.20

Gnu>>Gnutls >> Version 1.0.21

Gnu>>Gnutls >> Version 1.0.22

Gnu>>Gnutls >> Version 1.0.23

Gnu>>Gnutls >> Version 1.0.24

Gnu>>Gnutls >> Version 1.0.25

Gnu>>Gnutls >> Version 1.1.13

Gnu>>Gnutls >> Version 1.1.14

Gnu>>Gnutls >> Version 1.1.15

Gnu>>Gnutls >> Version 1.1.16

Gnu>>Gnutls >> Version 1.1.17

Gnu>>Gnutls >> Version 1.1.18

Gnu>>Gnutls >> Version 1.1.19

Gnu>>Gnutls >> Version 1.1.20

Gnu>>Gnutls >> Version 1.1.21

Gnu>>Gnutls >> Version 1.1.22

Gnu>>Gnutls >> Version 1.1.23

Gnu>>Gnutls >> Version 1.2.0

Gnu>>Gnutls >> Version 1.2.1

Gnu>>Gnutls >> Version 1.2.2

Gnu>>Gnutls >> Version 1.2.3

Gnu>>Gnutls >> Version 1.2.4

Gnu>>Gnutls >> Version 1.2.5

Gnu>>Gnutls >> Version 1.2.6

Gnu>>Gnutls >> Version 1.2.7

Gnu>>Gnutls >> Version 1.2.8

Gnu>>Gnutls >> Version 1.2.9

Gnu>>Gnutls >> Version 1.2.10

Gnu>>Gnutls >> Version 1.2.11

Gnu>>Gnutls >> Version 1.3.0

Gnu>>Gnutls >> Version 1.3.1

Gnu>>Gnutls >> Version 1.3.2

Gnu>>Gnutls >> Version 1.3.3

Gnu>>Gnutls >> Version 1.3.4

Gnu>>Gnutls >> Version 1.3.5

Gnu>>Gnutls >> Version 1.4.0

Gnu>>Gnutls >> Version 1.4.1

Gnu>>Gnutls >> Version 1.4.2

Gnu>>Gnutls >> Version 1.4.3

Gnu>>Gnutls >> Version 1.4.4

Gnu>>Gnutls >> Version 1.4.5

Gnu>>Gnutls >> Version 1.5.0

Gnu>>Gnutls >> Version 1.5.1

Gnu>>Gnutls >> Version 1.5.2

Gnu>>Gnutls >> Version 1.5.3

Gnu>>Gnutls >> Version 1.5.4

Gnu>>Gnutls >> Version 1.5.5

Gnu>>Gnutls >> Version 1.6.0

Gnu>>Gnutls >> Version 1.6.1

Gnu>>Gnutls >> Version 1.6.2

Gnu>>Gnutls >> Version 1.6.3

Gnu>>Gnutls >> Version 1.7.0

Gnu>>Gnutls >> Version 1.7.1

Gnu>>Gnutls >> Version 1.7.2

Gnu>>Gnutls >> Version 1.7.3

Gnu>>Gnutls >> Version 1.7.4

Gnu>>Gnutls >> Version 1.7.5

Gnu>>Gnutls >> Version 1.7.6

Gnu>>Gnutls >> Version 1.7.7

Gnu>>Gnutls >> Version 1.7.8

Gnu>>Gnutls >> Version 1.7.9

Gnu>>Gnutls >> Version 1.7.10

Gnu>>Gnutls >> Version 1.7.11

Gnu>>Gnutls >> Version 1.7.12

Gnu>>Gnutls >> Version 1.7.13

Gnu>>Gnutls >> Version 1.7.14

Gnu>>Gnutls >> Version 1.7.15

Gnu>>Gnutls >> Version 1.7.16

Gnu>>Gnutls >> Version 1.7.17

Gnu>>Gnutls >> Version 1.7.18

Gnu>>Gnutls >> Version 1.7.19

Gnu>>Gnutls >> Version 2.0.0

Gnu>>Gnutls >> Version 2.0.1

Gnu>>Gnutls >> Version 2.0.2

Gnu>>Gnutls >> Version 2.0.3

Gnu>>Gnutls >> Version 2.0.4

Gnu>>Gnutls >> Version 2.1.0

Gnu>>Gnutls >> Version 2.1.1

Gnu>>Gnutls >> Version 2.1.2

Gnu>>Gnutls >> Version 2.1.3

Gnu>>Gnutls >> Version 2.1.4

Gnu>>Gnutls >> Version 2.1.5

Gnu>>Gnutls >> Version 2.1.6

Gnu>>Gnutls >> Version 2.1.7

Gnu>>Gnutls >> Version 2.1.8

Gnu>>Gnutls >> Version 2.2.0

Gnu>>Gnutls >> Version 2.2.1

Gnu>>Gnutls >> Version 2.2.2

Gnu>>Gnutls >> Version 2.2.3

Gnu>>Gnutls >> Version 2.2.4

Gnu>>Gnutls >> Version 2.2.5

Gnu>>Gnutls >> Version 2.3.0

Gnu>>Gnutls >> Version 2.3.1

Gnu>>Gnutls >> Version 2.3.2

Gnu>>Gnutls >> Version 2.3.3

Gnu>>Gnutls >> Version 2.3.4

Gnu>>Gnutls >> Version 2.3.5

Gnu>>Gnutls >> Version 2.3.6

Gnu>>Gnutls >> Version 2.3.7

Gnu>>Gnutls >> Version 2.3.8

Gnu>>Gnutls >> Version 2.3.9

Gnu>>Gnutls >> Version 2.3.10

Gnu>>Gnutls >> Version 2.3.11

References

http://secunia.com/advisories/30331
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31939
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-613-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2008-0492.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2008/05/20/1
Tags : mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-200805-20.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30355
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30317
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0489.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/30324
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30302
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/29292
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/30330
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1020059
Tags : vdb-entry, x_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2008/05/20/3
Tags : mailing-list, x_refsource_MLIST
http://www.kb.cert.org/vuls/id/659209
Tags : third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/30338
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1581
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2008/05/20/2
Tags : mailing-list, x_refsource_MLIST
http://securityreason.com/securityalert/3902
Tags : third-party-advisory, x_refsource_SREASON
http://secunia.com/advisories/30287
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
Tags : vendor-advisory, x_refsource_MANDRIVA