[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2014-0684 -- Oracle gnutls

ID: oval:org.secpod.oval:def:1500629Date: (C)2014-08-22   (M)2024-02-19
Class: PATCHFamily: unix




A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.

Platform:
Oracle Linux 7
Product:
gnutls
Reference:
ELSA-2014-0684
CVE-2014-3466
CVE-2014-3465
CVE    2
CVE-2014-3466
CVE-2014-3465
CPE    78
cpe:/a:gnu:gnutls:3.0.1
cpe:/a:gnu:gnutls:3.0.0
cpe:/a:gnu:gnutls:3.0.3
cpe:/a:gnu:gnutls:3.2.1
...

© SecPod Technologies