[gnutls-devel] GnuTLS | srptool:possible stack buffer overflow with large SRP groups (#1777)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Dec 23 01:03:00 CET 2025
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1777#note_2970510306
I suspect that you are getting "Encoding error" because the program just reads past the boundary? I'd suggest using valgrind or compiling the program with `CFLAGS="-O2 -D_FORTIFY_SOURCE=2"` instead of using gdb.
Some might consider this a security issue, though I'd say it's very low severity: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L), given that SRP support is disabled by default since 3.8.0 and srptool is not even part of major distributions.