CVE-2013-4466
GnuTLS 3.1.x-3.1.14 and 3.2.x-3.2.4 - Denial of Service via DANE Response with Excessive Entries
Title source: llmDescription
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/25/2
Patch mailing-list
x_refsource_mlist
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050
Vendor Advisory x_refsource_confirm
http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
Patch mailing-list
x_refsource_mlist
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049
Scores
EPSS
0.0057
EPSS Percentile
68.9%
Details
CWE
CWE-119
Status
published
Products (20)
gnu/gnutls
3.1.0
gnu/gnutls
3.1.1
gnu/gnutls
3.1.2
gnu/gnutls
3.1.3
gnu/gnutls
3.1.4
gnu/gnutls
3.1.5
gnu/gnutls
3.1.6
gnu/gnutls
3.1.7
gnu/gnutls
3.1.8
gnu/gnutls
3.1.9
... and 10 more
Published
Nov 20, 2013
Tracked Since
Feb 18, 2026