[gnutls-devel] gnutls-cli 2.x segfault

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed May 29 21:07:16 CEST 2013


On 05/29/2013 07:26 PM, Tomas Hoger wrote:

>>  It looks like an out of bounds data access introduced on the fix for
>> the Lucky-13 attack. I've committed the following fix in the
>> repository. No bug-fix release planned though.
>> https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
> This problem is not limited to clients, servers are affected by this as
> well and can be crashed remotely using this flaw.  This issue got
> CVE-2013-2116 assigned.


Thanks. I've added a security advisory as well.

http://www.gnutls.org/security.html#GNUTLS-SA-2013-2

regards,
Nikos



More information about the Gnutls-devel mailing list