CVE-2014-3466

Published: 1 June 2014

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
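
The check this class of bug calls for, as an added example (not GnuTLS code and not the upstream patch): validate the peer-supplied session id length against the 32-byte TLS maximum and against the bytes actually received before copying into a fixed buffer. The function names, return codes and the constructed ServerHello bodies are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32     /* TLS: SessionID is opaque<0..32> */
#define HELLO_FIXED_LEN (2 + 32)   /* server_version + random */

enum { SH_OK = 0, SH_TRUNCATED = -1, SH_SID_TOO_LONG = -2 };

/* Hypothetical helper (not GnuTLS code): copy the session id out of a
 * ServerHello body into a fixed 32-byte buffer, validating the
 * peer-supplied length byte before any copy. */
int copy_session_id(const uint8_t *body, size_t body_len,
                    uint8_t sid[MAX_SESSION_ID_SIZE], size_t *sid_len)
{
    if (body_len < HELLO_FIXED_LEN + 1)
        return SH_TRUNCATED;              /* no length byte present */
    size_t n = body[HELLO_FIXED_LEN];     /* peer-controlled, 0..255 */
    if (n > MAX_SESSION_ID_SIZE)
        return SH_SID_TOO_LONG;           /* would overflow sid[] */
    /* session id, cipher_suite (2) and compression_method (1) must fit */
    if (body_len - (HELLO_FIXED_LEN + 1) < n + 3)
        return SH_TRUNCATED;
    memcpy(sid, body + HELLO_FIXED_LEN + 1, n);
    *sid_len = n;
    return SH_OK;
}

/* Build a constructed ServerHello body (zeroed random, cipher suite and
 * compression) carrying len_field as the length byte and id_bytes bytes
 * of session id actually present, then run the check on it. */
int check_constructed_hello(uint8_t len_field, uint8_t id_bytes)
{
    uint8_t body[HELLO_FIXED_LEN + 1 + 255 + 3] = {0};
    uint8_t sid[MAX_SESSION_ID_SIZE];
    size_t sid_len = 0;
    body[0] = 3; body[1] = 3;             /* TLS 1.2 version bytes */
    body[HELLO_FIXED_LEN] = len_field;
    memset(body + HELLO_FIXED_LEN + 1, 0xAB, id_bytes);
    return copy_session_id(body, HELLO_FIXED_LEN + 1 + (size_t)id_bytes + 3,
                           sid, &sid_len);
}

int main(void)
{
    printf("32-byte id: %d\n", check_constructed_hello(32, 32));
    printf("200-byte id: %d\n", check_constructed_hello(200, 200));
    printf("short body: %d\n", check_constructed_hello(16, 4));
    return 0;
}
```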

Priority

Medium

Status

gnutls26 (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| lucid | Released (2.8.5-2ubuntu0.6) |
| precise | Released (2.12.14-5ubuntu3.8) |
| saucy | Released (2.12.23-1ubuntu4.3) |
| trusty | Released (2.12.23-12ubuntu2.1) |
| upstream | Needs triage |
| utopic | Released (2.12.23-15ubuntu2) |
| vivid | Does not exist |

gnutls28 (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| lucid | Does not exist |
| precise | Released (3.0.11-1ubuntu2.1) |
| saucy | Ignored (reached end-of-life) |
| trusty | Does not exist (trusty was released [3.2.11-2ubuntu1.1]) |
| upstream | Released (3.1.25,3.2.15,3.3.4) |
| utopic | Not vulnerable (3.2.15-1) |
| vivid | Not vulnerable (3.2.15-1) |