6.8
CVE-2014-3466
- EPSS 11.22%
- Veröffentlicht 03.06.2014 14:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.22% | 0.954 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.gnutls.org/security.html
http://linux.oracle.com/errata/ELSA-2014-0594.html
http://linux.oracle.com/errata/ELSA-2014-0595.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
http://rhn.redhat.com/errata/RHSA-2014-0594.html
http://rhn.redhat.com/errata/RHSA-2014-0595.html
http://rhn.redhat.com/errata/RHSA-2014-0684.html
http://rhn.redhat.com/errata/RHSA-2014-0815.html
http://secunia.com/advisories/58340
http://secunia.com/advisories/58598
http://secunia.com/advisories/58601
http://secunia.com/advisories/58642
http://secunia.com/advisories/59016
http://secunia.com/advisories/59021
http://secunia.com/advisories/59057
http://secunia.com/advisories/59086
http://secunia.com/advisories/59408
http://secunia.com/advisories/59838
http://secunia.com/advisories/60384
http://www-01.ibm.com/support/docview.wss?uid=swg21678776
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
http://www.debian.org/security/2014/dsa-2944
http://www.novell.com/support/kb/doc.php?id=7015302
http://www.novell.com/support/kb/doc.php?id=7015303
http://www.securityfocus.com/bid/67741
http://www.securitytracker.com/id/1030314
http://www.ubuntu.com/usn/USN-2229-1
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd