CVE-2008-1950

CVE-2008-1950 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

Learn more about our Web Application Penetration Testing UK.