CVE-2014-3466 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gnutls
Severity
6.8MEDIUMNVD
EPSS
13.7%
top 5.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 3
Latest updateMay 14
Description
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages1 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-cc2g-hj2r-x228: Buffer overflow in the read_server_hello function in lib/gnutls_handshake↗2022-05-14
CVEList
▶
OSV
▶
📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3) [fedora-all]↗2014-05-30
Bugzilla▶
CVE-2014-3466 mingw-gnutls: gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3) [fedora-all]↗2014-05-30
Bugzilla▶
CVE-2014-3466 mingw32-gnutls: gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3) [epel-5]↗2014-05-30
Bugzilla▶
CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)↗2014-05-28