Lucene search

[email protected]NVD:CVE-2014-8564

HistoryNov 13, 2014 - 9:32 p.m.

CVE-2014-8564

2014-11-1321:32:13

CWE-310

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.

Affected configurations

NVD

Node

gnugnutlsMatch3.0

gnugnutlsMatch3.0.0

gnugnutlsMatch3.0.1

gnugnutlsMatch3.0.2

gnugnutlsMatch3.0.3

gnugnutlsMatch3.0.4

gnugnutlsMatch3.0.5

gnugnutlsMatch3.0.6

gnugnutlsMatch3.0.7

gnugnutlsMatch3.0.8

gnugnutlsMatch3.0.9

gnugnutlsMatch3.0.10

gnugnutlsMatch3.0.11

gnugnutlsMatch3.0.12

gnugnutlsMatch3.0.13

gnugnutlsMatch3.0.14

gnugnutlsMatch3.0.15

gnugnutlsMatch3.0.16

gnugnutlsMatch3.0.17

gnugnutlsMatch3.0.18

gnugnutlsMatch3.0.19

gnugnutlsMatch3.0.20

gnugnutlsMatch3.0.21

gnugnutlsMatch3.0.22

gnugnutlsMatch3.0.23

gnugnutlsMatch3.0.24

gnugnutlsMatch3.0.25

gnugnutlsMatch3.0.26

gnugnutlsMatch3.0.27

gnugnutlsMatch3.0.28

gnugnutlsMatch3.1.0

gnugnutlsMatch3.1.1

gnugnutlsMatch3.1.2

gnugnutlsMatch3.1.3

gnugnutlsMatch3.1.4

gnugnutlsMatch3.1.5

gnugnutlsMatch3.1.6

gnugnutlsMatch3.1.7

gnugnutlsMatch3.1.8

gnugnutlsMatch3.1.9

gnugnutlsMatch3.1.10

gnugnutlsMatch3.1.11

gnugnutlsMatch3.1.12

gnugnutlsMatch3.1.13

gnugnutlsMatch3.1.14

gnugnutlsMatch3.1.15

gnugnutlsMatch3.1.16

gnugnutlsMatch3.1.17

gnugnutlsMatch3.1.18

gnugnutlsMatch3.1.19

gnugnutlsMatch3.1.20

gnugnutlsMatch3.1.21

gnugnutlsMatch3.1.22

gnugnutlsMatch3.1.23

gnugnutlsMatch3.1.24

gnugnutlsMatch3.1.25

gnugnutlsMatch3.1.26

gnugnutlsMatch3.1.27

gnugnutlsMatch3.2.0

gnugnutlsMatch3.2.1

gnugnutlsMatch3.2.2

gnugnutlsMatch3.2.3

gnugnutlsMatch3.2.4

gnugnutlsMatch3.2.5

gnugnutlsMatch3.2.6

gnugnutlsMatch3.2.7

gnugnutlsMatch3.2.8

gnugnutlsMatch3.2.8.1

gnugnutlsMatch3.2.9

gnugnutlsMatch3.2.10

gnugnutlsMatch3.2.11

gnugnutlsMatch3.2.12

gnugnutlsMatch3.2.12.1

gnugnutlsMatch3.2.13

gnugnutlsMatch3.2.14

gnugnutlsMatch3.2.15

gnugnutlsMatch3.2.16

gnugnutlsMatch3.2.17

gnugnutlsMatch3.2.18

gnugnutlsMatch3.2.19

gnugnutlsMatch3.3.0-

gnugnutlsMatch3.3.0pre0

gnugnutlsMatch3.3.1

gnugnutlsMatch3.3.2

gnugnutlsMatch3.3.3

gnugnutlsMatch3.3.4

gnugnutlsMatch3.3.5

gnugnutlsMatch3.3.6

gnugnutlsMatch3.3.7

gnugnutlsMatch3.3.8

gnugnutlsMatch3.3.9

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

canonicalubuntu_linuxMatch14.10

References

lists.opensuse.org/opensuse-updates/2014-11/msg00084.html

rhn.redhat.com/errata/RHSA-2014-1846.html

secunia.com/advisories/59991

secunia.com/advisories/62284

secunia.com/advisories/62294

www.ubuntu.com/usn/USN-2403-1

bugzilla.redhat.com/show_bug.cgi?id=1161443

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for NVD:CVE-2014-8564

cve1 nessus11 openvas7 securityvulns2 f52 redhat1 ubuntucve1 oraclelinux1 ubuntu1 prion1 fedora2 cvelist1 archlinux1 centos1 debiancve1 mageia1