GnuTLS up to 3.1.24/3.2.14/3.3.3 Session ID lib/gnutls_handshake.c read_server_hello ServerHello Packet memory corruption
News category: Vulnerabilities
Source: vuldb.com
A vulnerability was found in GnuTLS up to 3.1.24/3.2.14/3.3.3 (Network Encryption Software). It has been classified as critical. It affects the function read_server_hello in the file lib/gnutls_handshake.c of the component Session ID Handler. Upgrading to version 3.1.25, 3.2.15 or 3.3.4 eliminates this vulnerability. Applying the patch #8923804 also eliminates the problem. The bugfix is available for download at gitorious.org. The recommended mitigation is to upgrade to the latest version. A possible mitigation was published immediately after the disclosure of the vulnerability. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16296. ...
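The following is an added example, not GnuTLS code and not the patch referenced above: a bounds-checked way to copy the session ID out of a ServerHello body. It assumes the flaw class is a peer-supplied session ID length used without validation (the page does not give the mechanics); the 32-byte limit comes from RFC 5246, and all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32        /* RFC 5246: opaque SessionID<0..32> */
#define SID_LEN_OFFSET      (2 + 32)  /* after server_version + random */
enum { SH_OK = 0, SH_TRUNCATED = -1, SH_SESSION_ID_TOO_LONG = -2 };

/* Hypothetical helper, not a GnuTLS function: copies the session ID out of a
 * ServerHello body (the bytes that follow the 4-byte handshake header). */
int sh_copy_session_id(const uint8_t *body, size_t body_len,
                       uint8_t out[MAX_SESSION_ID_SIZE], size_t *out_len)
{
    if (body_len < SID_LEN_OFFSET + 1)
        return SH_TRUNCATED;
    size_t sid_len = body[SID_LEN_OFFSET];   /* peer-controlled, 0..255 */
    /* Check 1: the declared length must fit the fixed-size destination. */
    if (sid_len > MAX_SESSION_ID_SIZE)
        return SH_SESSION_ID_TOO_LONG;
    /* Check 2: session ID + cipher_suite(2) + compression(1) must be present. */
    if (body_len - (SID_LEN_OFFSET + 1) < sid_len + 3)
        return SH_TRUNCATED;
    memcpy(out, body + SID_LEN_OFFSET + 1, sid_len);
    *out_len = sid_len;
    return SH_OK;
}

/* Constructed sample input: a body that declares `declared` session-ID bytes
 * but carries `present` of them; returns the parser's verdict. */
int sh_try_sample(uint8_t declared, size_t present)
{
    uint8_t body[SID_LEN_OFFSET + 1 + 255 + 3] = { 0x03, 0x03 };
    uint8_t sid[MAX_SESSION_ID_SIZE];
    size_t sid_len = 0, n = SID_LEN_OFFSET;
    if (present > 255) present = 255;
    body[n++] = declared;
    memset(body + n, 0xAB, present);
    n += present + 3;   /* zeroed cipher_suite and compression_method follow */
    return sh_copy_session_id(body, n, sid, &sid_len);
}

int main(void)
{
    printf("32 declared, 32 present:   %d\n", sh_try_sample(32, 32));
    printf("200 declared, 200 present: %d\n", sh_try_sample(200, 200));
    printf("32 declared, 10 present:   %d\n", sh_try_sample(32, 10));
    return 0;
}
```

Both checks are needed: the first protects the fixed-size destination buffer, the second stops a read past the end of the received message.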