- Description
- Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.6
- Impact score
- 10
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
- Red HatNot vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, or 5.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A"
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA"
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763"
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945"
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96"
},
{
"criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89"
}
],
"operator": "OR"
}
]
}
]