GnuTLS has a flaw – Fix already available

GnuTls flawGnuTls flawGnuTls flawGnuTLS Flaw For those of you who use GnuTLS, which is the open source SSL/TLS crypto library, this information is for you. A bug (CVE-2014-3466) was discovered by Joonas Kuorilehto of security firm Codenomiconthat proves that the method used to parse the session ID during a TLS handshake is at risk of being exploited for remote code execution.  Codenomicon is the same firm that discovered the Heartbleed vulnerability as well.

The Official Radware Blog wrote a great review and proof of the vulnerability as we as the GnuTLS  people having already issued a bug fix here. 

Skip to toolbar