CVE-2014-3465

medium

Description

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

References

http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html

http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html

http://rhn.redhat.com/errata/RHSA-2014-0684.html

http://secunia.com/advisories/59086

https://bugzilla.redhat.com/show_bug.cgi?id=1101734

https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6

Details

Source: MITRE

Published: 2014-06-10

Updated: 2017-12-29

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82325 | Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072) | Nessus | Mandriva Local Security Checks | medium |
| 80632 | Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls) | Nessus | Solaris Local Security Checks | medium |
| 76893 | RHEL 7 : gnutls (RHSA-2014:0684) | Nessus | Red Hat Local Security Checks | medium |
| 76731 | Oracle Linux 7 : gnutls (ELSA-2014-0684) | Nessus | Oracle Linux Local Security Checks | medium |
| 76061 | GLSA-201406-09 : GnuTLS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 75384 | openSUSE Security Update : gnutls (openSUSE-SU-2014:0763-1) | Nessus | SuSE Local Security Checks | medium |
| 74417 | Mandriva Linux Security Advisory : gnutls (MDVSA-2014:108) | Nessus | Mandriva Local Security Checks | medium |
| 74329 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-156-01) | Nessus | Slackware Local Security Checks | medium |