CVSS: 9.3EPSS: 7%CPEs: 105EXPL: 1CVE-2008-1949 – GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference
https://notcve.org/view.php?id=CVE-2008-1949
21 May 2008 — The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. La función _gnutls_recv_client_kx_message en lib/gnutls_kx.c de libgnutls en gnutls-serv de GnuTLS versiones anteriores a l... • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b • CWE-287: Improper Authentication CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 9%CPEs: 105EXPL: 0CVE-2008-1950 – GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
https://notcve.org/view.php?id=CVE-2008-1950
21 May 2008 — Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. Error en signo de entero de la función the _gnutls_ciphertext2compressed en lib/gnutls_ciph... • http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b • CWE-189: Numeric Errors •