CVE-2008-1950

Name of the Vulnerable Software and Affected Versions gnutls versions prior to 2.2.5 gnutls-32bit (affected versions not specified) gnutls-64bit (affected versions not specified) gnutls-devel (affected versions not specified) gnutls-devel-32bit (affected versions not specified) gnutls-devel-64bit (affected versions not specified) gnutls-debuginfo (affected versions not specified) gnutls-x86 (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the gnutls package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service due to a buffer over-read and crash. The vulnerabilities are caused by an integer signedness error in the gnutls ciphertext2compressed function.

Recommendations For gnutls versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. For gnutls-32bit, gnutls-64bit, gnutls-devel, gnutls-devel-32bit, gnutls-devel-64bit, gnutls-debuginfo, and gnutls-x86, at the moment, there is no information about a newer version that contains a fix for this vulnerability.