Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS prior to 3.1.25, 3.2.x prior to 3.2.15, and 3.3.x prior to 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
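A bounds-checked session id parser for the case described above, as an added example that is not GnuTLS code and not part of the original advisory. It assumes the TLS 1.2 ServerHello layout from RFC 5246 (2-byte version, 32-byte random, 1-byte session id length) and its 32-byte session id maximum; `parse_session_id` and `try_hello` are hypothetical names, and the messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SESSION_ID 32   /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED    34   /* server_version (2) + random (32) */

enum { SID_OK = 0, SID_TRUNCATED = -1, SID_TOO_LONG = -2 };

/* Copy the session id out of a ServerHello body into a 32-byte buffer.
 * Hypothetical helper for illustration; not GnuTLS code. */
int parse_session_id(const uint8_t *body, size_t len,
                     uint8_t out[MAX_SESSION_ID], size_t *out_len)
{
    if (len < HELLO_FIXED + 1)
        return SID_TRUNCATED;
    size_t sid_len = body[HELLO_FIXED];
    size_t remaining = len - HELLO_FIXED - 1;

    /* Check 1: the declared length must fit in the received data. */
    if (sid_len > remaining)
        return SID_TRUNCATED;
    /* Check 2: it must also fit the destination. With only check 1,
     * a peer that really sends 200 bytes would overrun out[]. */
    if (sid_len > MAX_SESSION_ID)
        return SID_TOO_LONG;

    memcpy(out, body + HELLO_FIXED + 1, sid_len);
    *out_len = sid_len;
    return SID_OK;
}

/* Constructed message: zeroed version/random, then a session id field
 * declaring `declared` bytes with `present` (<= 255) bytes following. */
int try_hello(uint8_t declared, size_t present)
{
    uint8_t msg[HELLO_FIXED + 1 + 255] = {0};
    uint8_t sid[MAX_SESSION_ID];
    size_t sid_len = 0;

    msg[HELLO_FIXED] = declared;
    memset(msg + HELLO_FIXED + 1, 0xAB, present);
    return parse_session_id(msg, HELLO_FIXED + 1 + present, sid, &sid_len);
}

int main(void)
{   /* 32 bytes accepted; 200 rejected even though all 200 are present. */
    return (try_hello(32, 32) == SID_OK &&
            try_hello(200, 200) == SID_TOO_LONG) ? 0 : 1;
}
```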
Vulnerable Product |
---|
gnu gnutls 3.3.1 |
gnu gnutls 3.3.0 |
gnu gnutls 3.3.3 |
gnu gnutls 3.3.2 |
gnu gnutls 3.1.0 |
gnu gnutls 3.1.11 |
gnu gnutls 3.1.13 |
gnu gnutls 3.1.20 |
gnu gnutls 3.1.19 |
gnu gnutls 3.1.18 |
gnu gnutls 3.1.5 |
gnu gnutls 3.1.15 |
gnu gnutls 3.1.4 |
gnu gnutls 3.1.22 |
gnu gnutls 3.1.8 |
gnu gnutls 3.1.16 |
gnu gnutls 3.1.1 |
gnu gnutls 3.1.17 |
gnu gnutls 3.1.12 |
gnu gnutls 3.1.10 |
gnu gnutls 3.1.7 |
gnu gnutls 3.1.2 |
gnu gnutls 3.1.14 |
gnu gnutls 3.1.21 |
gnu gnutls |
gnu gnutls 3.1.3 |
gnu gnutls 3.1.6 |
gnu gnutls 3.1.23 |
gnu gnutls 3.1.9 |
gnu gnutls 3.2.14 |
gnu gnutls 3.2.11 |
gnu gnutls 3.2.3 |
gnu gnutls 3.2.0 |
gnu gnutls 3.2.1 |
gnu gnutls 3.2.12 |
gnu gnutls 3.2.8 |
gnu gnutls 3.2.4 |
gnu gnutls 3.2.12.1 |
gnu gnutls 3.2.9 |
gnu gnutls 3.2.6 |
gnu gnutls 3.2.10 |
gnu gnutls 3.2.7 |
gnu gnutls 3.2.2 |
gnu gnutls 3.2.13 |
gnu gnutls 3.2.5 |
gnu gnutls 3.2.8.1 |

Patch! Patch! Patch!
The GnuTLS woes continue, with another critical flaw discovered and patched after researchers worked out malicious servers could hijack users of the cryptographic library. Red Hat engineer Nikos Mavrogiannopoulos issued a patch for the flaw (CVE-2014-3466) Saturday, shortly after it was reported 28 May by Codenomicon researcher Joonas Kuorilehto. Users of other affected software will have to sit tight until their developers incorporate the fix. Until then, they'll remain open to malware att...