Alpine: multiple gnutls packages: security update to 3.3.2-r0 (deprecated)

critical Tenable Cloud Security Plugin ID 401210

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x
before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory
corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
(CVE-2014-3466)

See Also

https://git.alpinelinux.org/aports/commit/?id=eca45a909af509397296d321ac361f4fd25768f3

https://git.alpinelinux.org/aports/commit/?id=f8e32af713e4ad07627600f6d912c5e8e6965069

Plugin Details

Severity: Critical

ID: 401210

Version: Revision 1.27

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-3466

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/4/2014

Vulnerability Publication Date: 5/30/2014

Reference Information

CVE: CVE-2014-3466

BID: 67741