PT-2011-1185 · GNU · GnuTLS

Published: 2011-12-08 · Updated: 2024-06-15 · CVE-2011-4128

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: GnuTLS 2.12.x through 2.12.13; GnuTLS 3.x through 3.0.6
Description: A buffer overflow in gnutls_session_get_data() can be triggered by a remote TLS server (malicious or compromised) against a client that performs nonstandard session resumption, i.e. an application that itself calls gnutls_session_get_data() to store session state for later resumption instead of relying on the library's built-in handling. A server that sends an oversized SessionTicket makes the client overrun the buffer it supplied, resulting in a denial of service (application crash). The flaw is reachable remotely without authentication; because it is a memory-safety error on attacker-controlled data, the CVSS vector rates partial impact on confidentiality, integrity and availability, although the confirmed outcome is the crash. The vendor advisories listed under Related Identifiers address this issue alongside other GnuTLS vulnerabilities that together affect the confidentiality, integrity and availability of protected information and are remotely exploitable.
Recommendations: For GnuTLS 2.12.x through 2.12.13, update to 2.12.14 or later. For GnuTLS 3.x through 3.0.6, update to 3.0.7 or later. Distribution packages may ship the fix as a backport under an older upstream version number, so for Red Hat, CentOS and SUSE systems check the vendor advisories listed under Related Identifiers rather than the bare version string. As a temporary workaround, avoid nonstandard session resumption in client applications until the library is updated, since the overflow is only reachable on that code path.
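As an added example (not part of this advisory and not code from the GnuTLS project), the following Python script encodes the two affected ranges stated above and classifies an upstream GnuTLS version string such as the first line of `gnutls-cli --version` or the answer from `pkg-config --modversion gnutls`. The banner strings it is fed are constructed samples; `parse_version`, `is_affected`, `classify` and the "unlisted" bucket are this example's own names, not GnuTLS or vendor terminology.

```python
"""Version check for CVE-2011-4128 (GnuTLS gnutls_session_get_data overflow).

Added example, not part of the PT advisory or the GnuTLS project. It encodes
the affected ranges the advisory names and classifies an upstream GnuTLS
version string. The sample banners below are constructed, not captured.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, as stated by the advisory:
# 2.12.x .. 2.12.13 fixed in 2.12.14; 3.x .. 3.0.6 fixed in 3.0.7.
AFFECTED_RANGES = (
    ((2, 12, 0), (2, 12, 14)),
    ((3, 0, 0), (3, 0, 7)),
)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first dotted x.y.z triple from a banner such as
    'gnutls-cli (GnuTLS) 3.0.6' or a pkg-config answer like '2.12.13'.
    Packaging suffixes ('3.0.6-1') are ignored; None if no triple is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if the version lies inside one of the advisory's affected ranges.
    Branches the advisory does not mention (e.g. 2.10.x) return False only
    because the advisory makes no statement about them, not because they are safe."""
    return any(lo <= version < fixed for lo, fixed in AFFECTED_RANGES)


def classify(banner: str) -> str:
    """Map a version banner to 'affected', 'fixed', 'unlisted' or 'unknown'.
    'fixed' follows the advisory's 'X or later' wording within each major line."""
    v = parse_version(banner)
    if v is None:
        return "unknown"
    if is_affected(v):
        return "affected"
    for lo, fixed in AFFECTED_RANGES:
        if v[0] == lo[0] and v >= fixed:
            return "fixed"
    return "unlisted"


def installed_banner() -> Optional[str]:
    """First line of `gnutls-cli --version` on this host, or None if the tool
    is absent. Caveat: distribution packages (see the RHSA/SUSE identifiers on
    this page) backport fixes without bumping the upstream version, so an
    'affected' verdict here means 'consult the vendor advisory', not proof."""
    exe = shutil.which("gnutls-cli")
    if exe is None:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True, check=False)
    return out.stdout.splitlines()[0] if out.stdout else None


if __name__ == "__main__":
    # Constructed sample banners covering each verdict the classifier can give.
    samples = [
        "gnutls-cli (GnuTLS) 3.0.6",   # inside 3.x .. 3.0.6
        "2.12.13-2ubuntu1",            # inside 2.12.x .. 2.12.13, distro suffix
        "2.12.14",                     # first fixed release on the 2.12 line
        "3.1.0",                       # later than 3.0.7
        "2.10.5",                      # branch the advisory does not list
        "not a version banner",
    ]
    for s in samples:
        print(f"{s!r:32} -> {classify(s)}")
    live = installed_banner()
    if live is not None:
        print(f"installed: {live!r} -> {classify(live)}")
```

Run it as a script to see the constructed samples classified and, if `gnutls-cli` is on the path, the local banner as well. The "unlisted" verdict is deliberate: the advisory only speaks for the 2.12 and 3.0 lines, so anything else needs a separate source before it is called safe.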

Fix · DoS · Buffer Overflow


Related Identifiers

BDU:2015-09647
CESA-2012:0429
CVE-2011-4128
openSUSE-SU-2024:10105-1
RHSA-2012:0428
RHSA-2012:0429
SUSE-SU-2012:0120-1

Affected Products

CentOS
GnuTLS
Red Hat
SUSE