Lucene search

K

[email protected]CVE-2014-3466

HistoryJun 03, 2014 - 2:55 p.m.

CVE-2014-3466

2014-06-0314:55:00

CWE-119

[email protected]

web.nvd.nist.gov

70

cve-2014-3466

buffer overflow

gnutls

remote code execution

memory corruption

nvd

6.4 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.708 High

EPSS

Percentile

98.0%

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

CPENameOperatorVersion
gnu:gnutlsgnu gnutlseq3.3.1
gnu:gnutlsgnu gnutlseq3.3.0
gnu:gnutlsgnu gnutlseq3.3.3
gnu:gnutlsgnu gnutlseq3.3.2
gnu:gnutlsgnu gnutlseq3.1.0
gnu:gnutlsgnu gnutlseq3.1.11
gnu:gnutlsgnu gnutlseq3.1.13
gnu:gnutlsgnu gnutlseq3.1.20
gnu:gnutlsgnu gnutlseq3.1.19
gnu:gnutlsgnu gnutlseq3.1.18

Rows per page:

1-10 of 461

References

linux.oracle.com/errata/ELSA-2014-0594.html

linux.oracle.com/errata/ELSA-2014-0595.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html

lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html

radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/

rhn.redhat.com/errata/RHSA-2014-0594.html

rhn.redhat.com/errata/RHSA-2014-0595.html

rhn.redhat.com/errata/RHSA-2014-0684.html

rhn.redhat.com/errata/RHSA-2014-0815.html

secunia.com/advisories/58340

secunia.com/advisories/58598

secunia.com/advisories/58601

secunia.com/advisories/58642

secunia.com/advisories/59016

secunia.com/advisories/59021

secunia.com/advisories/59057

secunia.com/advisories/59086

secunia.com/advisories/59408

secunia.com/advisories/59838

secunia.com/advisories/60384

www-01.ibm.com/support/docview.wss?uid=swg21678776

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155

www.debian.org/security/2014/dsa-2944

www.gnutls.org/security.html

www.novell.com/support/kb/doc.php?id=7015302

www.novell.com/support/kb/doc.php?id=7015303

www.securityfocus.com/bid/67741

www.securitytracker.com/id/1030314

www.ubuntu.com/usn/USN-2229-1

bugzilla.redhat.com/show_bug.cgi?id=1101932

www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd

6.4 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.708 High

EPSS

Percentile

98.0%

Related for CVE-2014-3466

nessus29 osv1 f52 veracode2 redhat4 freebsd2 centos2 openvas27 ubuntucve1 ibm2 debian3 oraclelinux3 thn1 prion1 ubuntu1 checkpoint_advisories1 amazon1 debiancve1 suse7 fedora4 mageia1 gentoo1 securityvulns2 slackware1