Denial of Service Vulnerability in GnuTLS by GnuTLS
CVE-2014-3465

Currently unrated

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 10 June 2014

Summary

The gnutls_x509_dn_oid_name function in GnuTLS versions 3.0 through 3.1.19 and 3.2.x prior to 3.2.10 is susceptible to a denial of service condition. Remote attackers can exploit it with a specially crafted X.509 certificate: when the Distinguished Name (DN) is printed, an Object Identifier (OID) that has no LDAP description triggers a NULL pointer dereference. This can crash the process handling the certificate and disrupt service, so users of the affected versions should upgrade to a release outside the affected ranges (3.2.10 or later on the 3.2.x branch).

Timeline

  • Vulnerability published

  • Vulnerability Reserved