Unrated severityNVD Advisory· Published May 21, 2008· Updated Apr 23, 2026
CVE-2008-1948
CVE-2008-1948
Description
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
Affected products
105cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*+ 104 more
- cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
39- www.openwall.com/lists/oss-security/2008/05/20/2nvdPatch
- www.securityfocus.com/bid/29292nvdPatch
- lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.htmlnvdExploit
- www.cert.fi/haavoittuvuudet/advisory-gnutls.htmlnvdExploit
- www.kb.cert.org/vuls/id/111034nvdUS Government Resource
- lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.htmlnvd
- lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.htmlnvd
- secunia.com/advisories/30287nvd
- secunia.com/advisories/30302nvd
- secunia.com/advisories/30317nvd
- secunia.com/advisories/30324nvd
- secunia.com/advisories/30330nvd
- secunia.com/advisories/30331nvd
- secunia.com/advisories/30338nvd
- secunia.com/advisories/30355nvd
- secunia.com/advisories/31939nvd
- security.gentoo.org/glsa/glsa-200805-20.xmlnvd
- securityreason.com/securityalert/3902nvd
- sourceforge.net/project/shownotes.phpnvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0174nvd
- www.debian.org/security/2008/dsa-1581nvd
- www.mandriva.com/security/advisoriesnvd
- www.openwall.com/lists/oss-security/2008/05/20/1nvd
- www.openwall.com/lists/oss-security/2008/05/20/3nvd
- www.redhat.com/support/errata/RHSA-2008-0489.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0492.htmlnvd
- www.securityfocus.com/archive/1/492282/100/0/threadednvd
- www.securityfocus.com/archive/1/492464/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-613-1nvd
- www.vupen.com/english/advisories/2008/1582/referencesnvd
- www.vupen.com/english/advisories/2008/1583/referencesnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/42532nvd
- issues.rpath.com/browse/RPL-2552nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935nvd
- www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.htmlnvd
News mentions
0No linked articles in our index yet.