CVE-2014-3465
GnuTLS 3.0-3.1.19 and 3.2.x < 3.2.10 - Denial of Service via Crafted X.509 Certificate
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
References (8)
Core References
Various Sources [mailing-list, x_refsource_mlist]: http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html
Issue Tracking [x_refsource_misc]: https://bugzilla.redhat.com/show_bug.cgi?id=1101734
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/59086
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2014-0684.html
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
Patch [x_refsource_confirm]: https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6
Mailing List [vendor-advisory, x_refsource_suse]: http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
Various Sources [mailing-list, x_refsource_mlist]: http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html
Scores
EPSS: 0.0063
EPSS Percentile: 70.5%
Details
Status: published
Products (50)
gnu/gnutls 3.0.0
gnu/gnutls 3.0.1
gnu/gnutls 3.0.2
gnu/gnutls 3.0.3
gnu/gnutls 3.0.4
gnu/gnutls 3.0.5
gnu/gnutls 3.0.6
gnu/gnutls 3.0.7
gnu/gnutls 3.0.8
gnu/gnutls 3.0.9
... and 40 more
Published: Jun 10, 2014
Tracked Since: Feb 18, 2026