PT-2013-5029 · Gnu · Gnutls
Marcus Meissner
·
Publicado
2013-11-19
·
Atualizado
2013-11-30
·
CVE-2013-4466
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
GnuTLS versions 3.1.x through 3.1.14
GnuTLS versions 3.2.x through 3.2.4
Description
The issue is related to a buffer overflow in the
dane query tlsa function within the DANE library (libdane) of GnuTLS. This allows remote servers to cause a denial of service, resulting in memory corruption, by sending a response that contains more than four DANE entries.Recommendations
For GnuTLS versions 3.1.x through 3.1.14, update to version 3.1.15 or later.
For GnuTLS versions 3.2.x through 3.2.4, update to version 3.2.5 or later.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gnutls