Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GnuTLS gnutls_handshake.c 代码执行漏洞
Vulnerability Description
GnuTLS是用于实现TLS加密协议的函数库。 GnuTLS2.3.5至2.4.0中lib/gnutls_handshake.c文件中的_gnutls_handshake_hash_buffers_clear函数存在缺陷,导致远程拒绝服务漏洞。调用会话中的gnutls_handshake时,数据的TLS传输会导致试图访问已经释放的libgcrypt句柄,这使得远程攻击者可以利用这一缺陷造成的应用程序崩溃,引发拒绝服务,也可能执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A