FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- "gnutls_handshake()" Denial of Service

Affected packages
2.3.5 <= gnutls < 2.4.1


VuXML ID d864a0a7-6f27-11dd-acfe-00104b9e1a4a
Discovery 2008-08-15
Entry 2008-08-21

Secunia reports:

A vulnerability has been reported in GnuTLS, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a use-after-free error when an application calls "gnutls_handshake()" for an already valid session and can potentially be exploited, e.g. during re-handshakes.


CVE Name CVE-2008-2377