PT-2014-9115 · Gnu+2 · Gnutls+2

Publicado

1970-01-01

·

Atualizado

2017-12-29

·

CVE-2014-3465

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions GnuTLS versions 3.0 through 3.1.19 GnuTLS versions 3.2.x through 3.2.9
Description The issue allows remote attackers to cause a denial of service via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.
Recommendations For GnuTLS versions 3.0 through 3.1.19, update to version 3.1.20 or later. For GnuTLS versions 3.2.x through 3.2.9, update to version 3.2.10 or later. As a temporary workaround, consider restricting access to the gnutls x509 dn oid name function until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

BDU:2015-05923
BDU:2015-05924
BDU:2015-05925
BDU:2015-05926
BDU:2015-05927
BDU:2015-05928
BDU:2015-05929
BDU:2015-05930
BDU:2015-05931
BDU:2015-05932
BDU:2015-05933
BDU:2015-05934
BDU:2015-05935
BDU:2015-05936
BDU:2015-05937
BDU:2015-09761
CVE-2014-3465
MGASA-2014-0248
OPENSUSE-SU-2014_0763-1
RHSA-2014:0684
RHSA-2014_0684

Produtos afetados

Gnutls
Red Hat
Suse