CVE-2014-8564

medium
Description

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing request (CSR), related to generating key IDs.

References

http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html

http://rhn.redhat.com/errata/RHSA-2014-1846.html

http://secunia.com/advisories/59991

http://secunia.com/advisories/62284

http://secunia.com/advisories/62294

http://www.ubuntu.com/usn/USN-2403-1

https://bugzilla.redhat.com/show_bug.cgi?id=1161443

Details

Source: MITRE

Published: 2014-11-13

Updated: 2018-10-30

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.24:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.25:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.26:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.1.27:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.2.19:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83650 | SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2014:1628-1) | Nessus | SuSE Local Security Checks | medium |
| 82325 | Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072) | Nessus | Mandriva Local Security Checks | medium |
| 79413 | openSUSE Security Update : gnutls (openSUSE-SU-2014:1472-1) | Nessus | SuSE Local Security Checks | medium |
| 79347 | Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215) | Nessus | Mandriva Local Security Checks | medium |
| 79262 | Fedora 21 : gnutls-3.3.10-1.fc21 (2014-14734) | Nessus | Fedora Local Security Checks | medium |
| 79240 | Fedora 20 : gnutls-3.1.28-1.fc20 (2014-14760) | Nessus | Fedora Local Security Checks | medium |
| 79231 | Scientific Linux Security Update : gnutls on SL7.x x86_64 (20141112) | Nessus | Scientific Linux Local Security Checks | medium |
| 79227 | Oracle Linux 7 : gnutls (ELSA-2014-1846) | Nessus | Oracle Linux Local Security Checks | medium |
| 79220 | CentOS 7 : gnutls (CESA-2014:1846) | Nessus | CentOS Local Security Checks | medium |
| 79209 | Ubuntu 14.10 : gnutls28 vulnerability (USN-2403-1) | Nessus | Ubuntu Local Security Checks | medium |
| 79207 | RHEL 7 : gnutls (RHSA-2014:1846) | Nessus | Red Hat Local Security Checks | medium |