CVE-2014-3466
gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)
Public Exploits: 3
Exploited in Wild: -
Descriptions
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory consumption) or possibly execute arbitrary code via a long session id in a ServerHello message.
A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.
Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default.

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.

A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs.

A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
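The session ID flaw described above is a missing bound on a one-byte length field: the wire value can be 0 to 255, while TLS (RFC 5246, `opaque SessionID<0..32>`) allows at most 32 bytes. The following is an added illustration of a client-side ServerHello parser that enforces both the protocol bound and the received-bytes bound before copying; it is not GnuTLS code, and all names (`parse_server_hello`, `build_sample`, the error codes) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32  /* RFC 5246: opaque SessionID<0..32> */
enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_SESSION_ID_TOO_LONG = -2 };

struct server_hello {
    uint8_t version[2], random[32];
    uint8_t session_id[MAX_SESSION_ID_SIZE];
    uint8_t session_id_len, cipher_suite[2], compression;
};

/* Parse a ServerHello body (the bytes after the 4-byte handshake header). */
int parse_server_hello(const uint8_t *p, size_t len, struct server_hello *out)
{
    if (len < 2 + 32 + 1)            /* version + random + length byte */
        return ERR_TRUNCATED;
    memcpy(out->version, p, 2);
    memcpy(out->random, p + 2, 32);
    p += 34; len -= 34;
    uint8_t sid_len = *p++;
    len--;
    /* Bound 1: the peer-supplied length must fit the fixed destination. */
    if (sid_len > MAX_SESSION_ID_SIZE)
        return ERR_SESSION_ID_TOO_LONG;
    /* Bound 2: it must also fit the bytes actually received
       (session id + 2-byte cipher suite + 1-byte compression). */
    if (len < (size_t)sid_len + 3)
        return ERR_TRUNCATED;
    memcpy(out->session_id, p, sid_len);
    out->session_id_len = sid_len;
    memcpy(out->cipher_suite, p + sid_len, 2);
    out->compression = p[sid_len + 2];
    return PARSE_OK;
}

/* Constructed sample input: a ServerHello body with the given id length. */
size_t build_sample(uint8_t *buf, uint8_t sid_len)
{
    size_t n = 35 + (size_t)sid_len + 3;
    memset(buf, 0xAB, n);
    buf[0] = 0x03; buf[1] = 0x03;          /* TLS 1.2 */
    buf[34] = sid_len;
    buf[n - 3] = 0x00; buf[n - 2] = 0x2F;  /* cipher suite */
    buf[n - 1] = 0x00;                     /* null compression */
    return n;
}

int main(void)
{
    uint8_t buf[512]; struct server_hello sh;
    return parse_server_hello(buf, build_sample(buf, 33), &sh) == PARSE_OK;
}
```

Rejecting the oversized length before any copy is what keeps a hostile server's value from ever reaching `memcpy`; checking only against the remaining message length would not be enough, because the message itself can legitimately be longer than the destination buffer.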
Timeline
- 2014-05-14 CVE Reserved
- 2014-06-02 CVE Published
- 2022-11-09 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Gnutls | 3.3.0 | - | Affected |
Gnu | Gnutls | 3.3.0 | pre0 | Affected |
Gnu | Gnutls | 3.3.1 | - | Affected |
Gnu | Gnutls | 3.3.2 | - | Affected |
Gnu | Gnutls | 3.3.3 | - | Affected |
Gnu | Gnutls | <= 3.1.24 | - | Affected |
Gnu | Gnutls | 3.1.0 | - | Affected |
Gnu | Gnutls | 3.1.1 | - | Affected |
Gnu | Gnutls | 3.1.2 | - | Affected |
Gnu | Gnutls | 3.1.3 | - | Affected |
Gnu | Gnutls | 3.1.4 | - | Affected |
Gnu | Gnutls | 3.1.5 | - | Affected |
Gnu | Gnutls | 3.1.6 | - | Affected |
Gnu | Gnutls | 3.1.7 | - | Affected |
Gnu | Gnutls | 3.1.8 | - | Affected |
Gnu | Gnutls | 3.1.9 | - | Affected |
Gnu | Gnutls | 3.1.10 | - | Affected |
Gnu | Gnutls | 3.1.11 | - | Affected |
Gnu | Gnutls | 3.1.12 | - | Affected |
Gnu | Gnutls | 3.1.13 | - | Affected |
Gnu | Gnutls | 3.1.14 | - | Affected |
Gnu | Gnutls | 3.1.15 | - | Affected |
Gnu | Gnutls | 3.1.16 | - | Affected |
Gnu | Gnutls | 3.1.17 | - | Affected |
Gnu | Gnutls | 3.1.18 | - | Affected |
Gnu | Gnutls | 3.1.19 | - | Affected |
Gnu | Gnutls | 3.1.20 | - | Affected |
Gnu | Gnutls | 3.1.21 | - | Affected |
Gnu | Gnutls | 3.1.22 | - | Affected |
Gnu | Gnutls | 3.1.23 | - | Affected |
Gnu | Gnutls | 3.2.0 | - | Affected |
Gnu | Gnutls | 3.2.1 | - | Affected |
Gnu | Gnutls | 3.2.2 | - | Affected |
Gnu | Gnutls | 3.2.3 | - | Affected |
Gnu | Gnutls | 3.2.4 | - | Affected |
Gnu | Gnutls | 3.2.5 | - | Affected |
Gnu | Gnutls | 3.2.6 | - | Affected |
Gnu | Gnutls | 3.2.7 | - | Affected |
Gnu | Gnutls | 3.2.8 | - | Affected |
Gnu | Gnutls | 3.2.8.1 | - | Affected |
Gnu | Gnutls | 3.2.9 | - | Affected |
Gnu | Gnutls | 3.2.10 | - | Affected |
Gnu | Gnutls | 3.2.11 | - | Affected |
Gnu | Gnutls | 3.2.12 | - | Affected |
Gnu | Gnutls | 3.2.12.1 | - | Affected |
Gnu | Gnutls | 3.2.13 | - | Affected |
Gnu | Gnutls | 3.2.14 | - | Affected |