[gnutls-devel] gnutls-cli 2.x segfault
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed May 29 21:07:16 CEST 2013
On 05/29/2013 07:26 PM, Tomas Hoger wrote:
>> It looks like an out of bounds data access introduced on the fix for
>> the Lucky-13 attack. I've committed the following fix in the
>> repository. No bug-fix release planned though.
>> https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
> This problem is not limited to clients, servers are affected by this as
> well and can be crashed remotely using this flaw. This issue got
> CVE-2013-2116 assigned.
Thanks. I've added a security advisory as well.
http://www.gnutls.org/security.html#GNUTLS-SA-2013-2
regards,
Nikos
More information about the Gnutls-devel
mailing list