[gnutls-devel] gnutls-cli 2.x segfault
Tomas Hoger
thoger at redhat.com
Wed May 29 19:26:54 CEST 2013
On Thu, 23 May 2013 09:56:29 +0200 Nikos Mavrogiannopoulos wrote:
> It looks like an out of bounds data access introduced on the fix for
> the Lucky-13 attack. I've committed the following fix in the
> repository. No bug-fix release planned though.
>
> https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
This problem is not limited to clients, servers are affected by this as
well and can be crashed remotely using this flaw. This issue got
CVE-2013-2116 assigned.
--
Tomas Hoger / Red Hat Security Response Team
More information about the Gnutls-devel
mailing list