CVE-2013-4466

CWE-119Buffer OverflowCWE-1939 documents7 sources
Severity
5.0MEDIUM
EPSS
0.6%
top 31.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Gnutls
Timeline
PublishedNov 20
Latest updateMay 17

Description

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Ubuntugnutls28< 3.2.11-2ubuntu1
NVDgnu/gnutls20 versions+19

Patches

Patch: article.gmane.orgPatch: article.gmane.orgPatch: article.gmane.org

🔴Vulnerability Details

3
GHSA
GHSA-7hp3-frg2-6v54: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 32022-05-17
OSV
CVE-2013-4466: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 32013-11-20
CVEList
CVE-2013-4466: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 32013-11-19

📋Vendor Advisories

3
Red Hat
gnutls: dane_query_tlsa() CVE-2013-4466 fix off-by-one2013-10-29
Red Hat
gnutls: dane_query_tlsa() buffer overflow (GNUTLS-SA-2013-3)2013-10-23
Debian
CVE-2013-4466: gnutls28 - Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in...2013

💬Community

2
Bugzilla
CVE-2013-4487 gnutls: dane_query_tlsa() CVE-2013-4466 fix off-by-one2013-11-01
Bugzilla
CVE-2013-4466 gnutls: dane_query_tlsa() buffer overflow (GNUTLS-SA-2013-3)2013-10-24
CVE-2013-4466 (MEDIUM CVSS 5) | Buffer overflow in the dane_query_t | cvebase.io