gnutls26 crashes on particularly malformed crypt stream
Bug #1166634 reported by
Chip Salzenberg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnutls26 (Ubuntu) |
Fix Released
|
Undecided
|
Marc Deslauriers |
Bug Description
The patch for CVE-2013-1619 has a bug. It fails to do proper range protection. The attached patch may not be correct insofar as reintroducing a timing exposure; but it does stop the segfaults, which are perhaps more problematic.
This is a security issue becuase crashes in libgnutls are inherently security issues.
I triggered this by trying to access https URLs via an "all_proxy" in libcurl-gnutls.
CVE References
To post a comment you must log in.
the version known affected is 2.8.5-2ubuntu0.3
I'm using Lucid with a newer libcurl (7.27.0).