FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3466

This CVE name corresponds to:

Entered Topic
2014-06-04 gnutls -- client-side memory corruption
2014-06-03 gnutls -- client-side memory corruption

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3466 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3466
Phase Assigned(20140514)

Description

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

References

Source Reference
MISC http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
CONFIRM http://www.gnutls.org/security.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1101932
CONFIRM https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
CONFIRM http://linux.oracle.com/errata/ELSA-2014-0595.html
CONFIRM http://linux.oracle.com/errata/ELSA-2014-0594.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678776
DEBIAN DSA-2944
REDHAT RHSA-2014:0594
REDHAT RHSA-2014:0815
SUSE openSUSE-SU-2014:0763
SUSE openSUSE-SU-2014:0767
SECTRACK 1030314
SECUNIA 58340
SECUNIA 58598
SECUNIA 58601
SECUNIA 58642
SECUNIA 59016
SECUNIA 59057
SECUNIA 59086
SECUNIA 59021
SECUNIA 59838

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.