OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

gnutls -- denial of service vulnerability

Affected packages
gnutls < 1.0.25

Details

VuXML ID 086072e4-c180-11d9-aaa3-00065bd5b0b6
Discovery 2005-04-28
Entry 2005-05-11

A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality.

A remote attacker could exploit this vulnerability and cause a Denial of Service to any application that utilizes the GnuTLS library.

Previously exported RSA keys can be fixed by executing the following command on the key files:

# certtool -k infile outfile

References

CVE Name CAN-2005-1431
URL http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.