FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-4128

This CVE name corresponds to:

Entered Topic
2011-11-10 gnutls -- client session resumption vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-4128 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-4128
Phase Assigned(20111018)

Description

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

References

Source Reference
MLIST [gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data
MLIST [oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)
MLIST [oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)
CONFIRM http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
CONFIRM http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450
CONFIRM http://www.gnu.org/software/gnutls/security.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=752308
REDHAT RHSA-2012:0429
REDHAT RHSA-2012:0488
REDHAT RHSA-2012:0531
UBUNTU USN-1418-1
SECUNIA 48596
SECUNIA 48712

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.