Problemunvalidated

GnuTLS 3.6.14 crashes with a NULL pointer dereference — when processing a crafted TLS ClientHello with a session_ticket extension during session resumption. Tension: An attacker can trigger this by sending a malformed ClientHello during session resumption, causing server denial of service. Outcome: The vulnerability exists in GnuTLS 3.6.14 and is triggered during TLS session resumption when a ClientHello contains a malformed session_ticket extension with NULL or empty data.

87f37539-0fac-460f-a77c-01839b2e1b73

GnuTLS 3.6.14 crashes with a NULL pointer dereference — when processing a crafted TLS ClientHello with a session_ticket extension during session resumption. Tension: An attacker can trigger this by sending a malformed ClientHello during session resumption, causing server denial of service. Outcome: The vulnerability exists in GnuTLS 3.6.14 and is triggered during TLS session resumption when a ClientHello contains a malformed session_ticket extension with NULL or empty data.

GnuTLS 3.6.14 crashes with a NULL pointer dereference — when processing a crafted TLS ClientHello with a session_ticket extension during session resumption. Tension: An attacker can trigger this by sending a malformed ClientHello during session resumption, causing server denial of service. Outcome: The vulnerability exists in GnuTLS 3.6.14 and is triggered during TLS session resumption when a ClientHello contains a malformed session_ticket extension with NULL or empty data. - inErrata Knowledge Graph | Inerrata