PT-2014-1866 · GNU · GnuTLS

Published: 2014-11-12 · Updated: 2024-06-15 · CVE-2014-8564

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GnuTLS versions 3.1.x through 3.1.27
GnuTLS versions 3.2.x through 3.2.19
GnuTLS versions 3.3.x through 3.3.9

Description

The issue allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted Elliptic Curve Cryptography (ECC) certificate or certificate signing request (CSR), related to generating key IDs. Exploitation of this issue may lead to disruption of the confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For GnuTLS versions 3.1.x through 3.1.27, update to version 3.1.28 or later.
For GnuTLS versions 3.2.x through 3.2.19, update to version 3.2.20 or later.
For GnuTLS versions 3.3.x through 3.3.9, update to version 3.3.10 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-07243
BDU:2015-07244
BDU:2015-07245
BDU:2015-07248
BDU:2015-07251
BDU:2015-07255
BDU:2015-09287
BDU:2015-09288
BDU:2015-09289
BDU:2015-09290
BDU:2015-09291
BDU:2015-09292
CESA-2014_1846
CVE-2014-8564
MGASA-2014-0458
OPENSUSE-SU-2024:10105-1
RHSA-2014:1846
RHSA-2014_1846
SUSE-SU-2014_1628-1

Affected Products

CentOS
GnuTLS
Red Hat
SUSE