CVSSv2: 6.8

CVE-2014-3466

Published: 03/06/2014 Updated: 14/02/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS prior to 3.1.25, 3.2.x prior to 3.2.15, and 3.3.x prior to 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Vulnerable Products

gnu gnutls
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
gnu gnutls 3.1.16
gnu gnutls 3.1.17
gnu gnutls 3.1.18
gnu gnutls 3.1.19
gnu gnutls 3.1.20
gnu gnutls 3.1.21
gnu gnutls 3.1.22
gnu gnutls 3.1.23
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.6
gnu gnutls 3.2.7
gnu gnutls 3.2.8
gnu gnutls 3.2.8.1
gnu gnutls 3.2.9
gnu gnutls 3.2.10
gnu gnutls 3.2.11
gnu gnutls 3.2.12
gnu gnutls 3.2.12.1
gnu gnutls 3.2.13
gnu gnutls 3.2.14
gnu gnutls 3.3.0
gnu gnutls 3.3.1
gnu gnutls 3.3.2
gnu gnutls 3.3.3

Vendor Advisories

GnuTLS could be made to crash or run programs if it connected to a malicious server ...
Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service. For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u2. For the unstable distribution (sid), this probl ...
A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute ar ...

Github Repositories

Proof of Concept for CVE-2014-3466 (GnuTLS buffer overflow: session id length check)

Information: See https://bugzilla.redhat.com/show_bug.cgi?id=1101932. This is not a weaponized exploit. Be warned: this python code is ugly, I pretty much handcrafted the ServerHello and spent only about five fifteen minutes on the python part itself. Feel free to improve this exploit as you wis

Recent Articles

Linux users at risk as ANOTHER critical GnuTLS bug found
The Register • Darren Pauli • 04 Jun 2014

Patch! Patch! Patch!

The GNUtls woes continue, with another critical flaw discovered and patched after researchers worked out malicious servers could hijack users of the cryptographic library. Red Hat engineer Nikos Mavrogiannopoulos issued a patch for the flaw (CVE-2014-3466) Saturday, shortly after it was reported 28 May by Codenomicon researcher Joonas Kuorilehto. Users of other affected software will have to sit tight until their developers incorporate the fix. Until then, they'll remain open to malware att...

References

CWE-119
http://www.gnutls.org/security.html
http://www.debian.org/security/2014/dsa-2944
https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
http://rhn.redhat.com/errata/RHSA-2014-0594.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
http://secunia.com/advisories/58601
http://secunia.com/advisories/59016
http://secunia.com/advisories/58642
http://linux.oracle.com/errata/ELSA-2014-0595.html
http://secunia.com/advisories/58340
http://secunia.com/advisories/58598
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
http://secunia.com/advisories/59057
http://secunia.com/advisories/59021
http://linux.oracle.com/errata/ELSA-2014-0594.html
http://secunia.com/advisories/59086
http://rhn.redhat.com/errata/RHSA-2014-0815.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678776
http://secunia.com/advisories/59838
http://www.securitytracker.com/id/1030314
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
http://www.securityfocus.com/bid/67741
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
http://www.novell.com/support/kb/doc.php?id=7015303
http://www.novell.com/support/kb/doc.php?id=7015302
http://secunia.com/advisories/60384
http://secunia.com/advisories/59408
http://www.ubuntu.com/usn/USN-2229-1
http://rhn.redhat.com/errata/RHSA-2014-0684.html
http://rhn.redhat.com/errata/RHSA-2014-0595.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
https://usn.ubuntu.com/2229-1/
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2014-3466