CVE-2011-4128 – gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)

https://notcve.org/view.php?id=CVE-2011-4128

08 Dec 2011 — Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. Desbordamiento de búfer en la función gnutls_session_get_data en lib/gnutls_session.c en GnuTLS v2.12.x antes de v2.12.14 y v3.x antes de v3.0.7, cuando se utiliza en un cliente que realiza la reanudación de ... • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •