PT-2014-9115 · Gnu+2 · Gnutls+2

Published: 1970-01-01 · Updated: 2017-12-29 · CVE-2014-3465

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GnuTLS versions 3.0 through 3.1.19
GnuTLS versions 3.2.x through 3.2.9

Description

The issue allows remote attackers to cause a denial of service via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For GnuTLS versions 3.0 through 3.1.19, update to version 3.1.20 or later. For GnuTLS versions 3.2.x through 3.2.9, update to version 3.2.10 or later. As a temporary workaround, consider restricting access to the gnutls_x509_dn_oid_name function until a patch is available.

Related Identifiers

BDU:2015-05923
BDU:2015-05924
BDU:2015-05925
BDU:2015-05926
BDU:2015-05927
BDU:2015-05928
BDU:2015-05929
BDU:2015-05930
BDU:2015-05931
BDU:2015-05932
BDU:2015-05933
BDU:2015-05934
BDU:2015-05935
BDU:2015-05936
BDU:2015-05937
BDU:2015-09761
CVE-2014-3465
MGASA-2014-0248
OPENSUSE-SU-2014_0763-1
RHSA-2014:0684
RHSA-2014_0684

Affected Products

Gnutls
Red Hat
Suse