CVE-2008-2377

Name of the Vulnerable Software and Affected Versions: GnuTLS versions 2.3.5 through 2.4.0

Description: The issue is related to a use-after-free vulnerability in the gnutls handshake hash buffers clear function. This vulnerability can be exploited by remote attackers via TLS transmission of data, potentially leading to a denial of service (crash) or possibly the execution of arbitrary code. The exploitation occurs when the peer calls gnutls handshake within a normal session, resulting in attempted access to a deallocated libgcrypt handle.

Recommendations: For GnuTLS versions 2.3.5 through 2.4.0, update to a version that contains a fix for this issue to prevent potential exploitation.