Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-2377
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-08 Aug, 2008 | 19:41
Updated At-23 Apr, 2026 | 00:35

Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
GNU
gnu
>>gnutls>>2.3.5
cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.3.6
cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.3.7
cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.3.8
cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.3.9
cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.4.0
cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-08-11T00:00:00

Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, or 5.

References
HyperlinkSourceResource
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947secalert@redhat.com
Patch
http://secunia.com/advisories/31505secalert@redhat.com
N/A
http://www.gnu.org/software/gnutls/security.htmlsecalert@redhat.com
N/A
http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.htmlsecalert@redhat.com
Exploit
http://www.securityfocus.com/bid/30713secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/2398secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44486secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-2650secalert@redhat.com
N/A
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947af854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/31505af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gnu.org/software/gnutls/security.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/bid/30713af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/2398af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44486af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.rpath.com/browse/RPL-2650af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://secunia.com/advisories/31505
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gnu.org/software/gnutls/security.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/bid/30713
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2398
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44486
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-2650
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://secunia.com/advisories/31505
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gnu.org/software/gnutls/security.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/bid/30713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2398
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44486
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-2650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found