PT-2014-9094 · Gnu+4 · Gnutls+4
Joonas Kuorilehto · Published 1970-01-01 · Updated 2024-06-15 · CVE-2014-3466
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GnuTLS versions prior to 3.1.25
GnuTLS versions 3.2.x prior to 3.2.15
GnuTLS versions 3.3.x prior to 3.3.4
libgnutls26 (affected versions not specified)
libgnutls28 (affected versions not specified)
libgnutls-openssl27 (affected versions not specified)
gnutls (affected versions not specified)
gnutls-utils-2.8.5 (affected versions not specified)
gnutls-devel-2.8.5 (affected versions not specified)
libgnutls-extra26 (affected versions not specified)
libgnutls-extra-devel (affected versions not specified)
libgnutlsxx28 (affected versions not specified)
libgnutls-openssl-devel (affected versions not specified)
gnutls-debuginfo-2.8.5 (affected versions not specified)
gnutls-debugsource (affected versions not specified)
libgnutlsxx28-debuginfo (affected versions not specified)
libgnutls28-debuginfo (affected versions not specified)
libgnutls-openssl27-debuginfo (affected versions not specified)
Description
The issue is a buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS, which allows remote servers to cause a denial of service or possibly execute arbitrary code via a long session id in a ServerHello message. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.
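The kind of bounds check the description turns on, as an added example (not GnuTLS code and not part of the original advisory): a minimal ServerHello body parser that rejects a session id longer than the 32 bytes TLS allows before copying it into a fixed buffer. The struct, function and status names are hypothetical, and the sample message is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RANDOM_LEN 32
#define MAX_SESSION_ID_LEN 32 /* RFC 5246: opaque SessionID<0..32> */

enum { SH_OK = 0, SH_TRUNCATED = -1, SH_SESSION_ID_TOO_LONG = -2 };

struct server_hello {
    uint8_t version[2], random[RANDOM_LEN];
    uint8_t session_id[MAX_SESSION_ID_LEN], session_id_len;
    uint16_t cipher_suite;
    uint8_t compression;
};

/* Parse a ServerHello body (the bytes after the 4-byte handshake header). */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 0;
    if (len < 2 + RANDOM_LEN + 1)
        return SH_TRUNCATED;
    memcpy(out->version, buf, 2);
    pos += 2;
    memcpy(out->random, buf + pos, RANDOM_LEN);
    pos += RANDOM_LEN;
    uint8_t sid_len = buf[pos++];
    /* The length byte comes from the peer and can be 0..255; reject it
     * before it is used as a copy size into the 32-byte destination. */
    if (sid_len > MAX_SESSION_ID_LEN)
        return SH_SESSION_ID_TOO_LONG;
    /* Session id, cipher suite (2) and compression (1) must all be present. */
    if (len - pos < (size_t)sid_len + 3)
        return SH_TRUNCATED;
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    pos += sid_len;
    out->cipher_suite = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    out->compression = buf[pos + 2];
    return SH_OK;
}

int main(void)
{
    /* Constructed sample: zero-filled body whose length byte claims 200. */
    uint8_t msg[2 + RANDOM_LEN + 1 + 255 + 3] = { 3, 3 };
    struct server_hello sh;
    msg[2 + RANDOM_LEN] = 200;
    printf("oversized session id -> %d\n", parse_server_hello(msg, sizeof msg, &sh));
    return 0;
}
```

The two checks are ordered deliberately: the declared length is compared with the destination size first, then with the bytes actually remaining in the message.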
Recommendations
For GnuTLS versions prior to 3.1.25, update to version 3.1.25 or later.
For GnuTLS versions 3.2.x prior to 3.2.15, update to version 3.2.15 or later.
For GnuTLS versions 3.3.x prior to 3.3.4, update to version 3.3.4 or later.
For libgnutls26, libgnutls28, libgnutls-openssl27, gnutls, gnutls-utils-2.8.5, gnutls-devel-2.8.5, libgnutls-extra26, libgnutls-extra-devel, libgnutlsxx28, libgnutls-openssl-devel, gnutls-debuginfo-2.8.5, gnutls-debugsource, libgnutlsxx28-debuginfo, libgnutls28-debuginfo, and libgnutls-openssl27-debuginfo, update to a version that is not affected by this issue, as the specific affected versions are not specified.
As a temporary workaround, consider restricting access to the vulnerable function read_server_hello in lib/gnutls_handshake.c to minimize the risk of exploitation.
Exploit
Fix
DoS
Buffer Overflow
Related Identifiers
Affected Products
Centos
Gnutls
Red Hat
Suse
Ubuntu