[gnutls-devel] gnutls-cli 2.x segfault

Tomas Hoger thoger at redhat.com
Wed May 29 19:26:54 CEST 2013

On Thu, 23 May 2013 09:56:29 +0200 Nikos Mavrogiannopoulos wrote:

>  It looks like an out of bounds data access introduced on the fix for
> the Lucky-13 attack. I've committed the following fix in the
> repository. No bug-fix release planned though.
> https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d

This problem is not limited to clients, servers are affected by this as
well and can be crashed remotely using this flaw.  This issue got
CVE-2013-2116 assigned.

Tomas Hoger / Red Hat Security Response Team

More information about the Gnutls-devel mailing list