Lucene search

[email protected]NVD:CVE-2014-3465

HistoryJun 10, 2014 - 2:55 p.m.

CVE-2014-3465

2014-06-1014:55:10

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

Affected configurations

NVD

Node

gnugnutlsMatch3.0.0

gnugnutlsMatch3.0.1

gnugnutlsMatch3.0.2

gnugnutlsMatch3.0.3

gnugnutlsMatch3.0.4

gnugnutlsMatch3.0.5

gnugnutlsMatch3.0.6

gnugnutlsMatch3.0.7

gnugnutlsMatch3.0.8

gnugnutlsMatch3.0.9

gnugnutlsMatch3.0.10

gnugnutlsMatch3.0.11

gnugnutlsMatch3.0.12

gnugnutlsMatch3.0.13

gnugnutlsMatch3.0.14

gnugnutlsMatch3.0.15

gnugnutlsMatch3.0.16

gnugnutlsMatch3.0.17

gnugnutlsMatch3.0.18

gnugnutlsMatch3.0.19

gnugnutlsMatch3.0.20

gnugnutlsMatch3.0.21

gnugnutlsMatch3.0.22

gnugnutlsMatch3.0.23

gnugnutlsMatch3.0.24

gnugnutlsMatch3.0.25

gnugnutlsMatch3.0.26

gnugnutlsMatch3.0.27

gnugnutlsMatch3.0.28

gnugnutlsMatch3.1.0

gnugnutlsMatch3.1.1

gnugnutlsMatch3.1.2

gnugnutlsMatch3.1.3

gnugnutlsMatch3.1.4

gnugnutlsMatch3.1.5

gnugnutlsMatch3.1.6

gnugnutlsMatch3.1.7

gnugnutlsMatch3.1.8

gnugnutlsMatch3.1.9

gnugnutlsMatch3.1.10

gnugnutlsMatch3.1.11

gnugnutlsMatch3.1.12

gnugnutlsMatch3.1.13

gnugnutlsMatch3.1.14

gnugnutlsMatch3.1.15

gnugnutlsMatch3.1.16

gnugnutlsMatch3.1.17

gnugnutlsMatch3.1.18

gnugnutlsMatch3.1.19

gnugnutlsMatch3.2.0

gnugnutlsMatch3.2.1

gnugnutlsMatch3.2.2

gnugnutlsMatch3.2.3

gnugnutlsMatch3.2.4

gnugnutlsMatch3.2.5

gnugnutlsMatch3.2.6

gnugnutlsMatch3.2.7

gnugnutlsMatch3.2.8

gnugnutlsMatch3.2.8.1

gnugnutlsMatch3.2.9

References

lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html

lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html

rhn.redhat.com/errata/RHSA-2014-0684.html

secunia.com/advisories/59086

bugzilla.redhat.com/show_bug.cgi?id=1101734

www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for NVD:CVE-2014-3465

cve1 ubuntucve1 debiancve1 cvelist1 prion1 openvas7 redhat1 suse2 nessus8 oraclelinux1 mageia1 gentoo1 slackware1 securityvulns2