Denial of Service Vulnerability in GnuTLS by GnuTLS
CVE-2014-3465

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 10 June 2014

Summary

The gnutls_x509_dn_oid_name function in GnuTLS versions 3.0 through 3.1.19 and 3.2.x prior to 3.2.10 is susceptible to a denial of service condition. This vulnerability can be exploited by remote attackers through the use of specially crafted X.509 certificates, which trigger a NULL pointer dereference due to a missing LDAP description for an Object Identifier (OID) during the Distinguished Name (DN) printing process. This issue may lead to service disruption, making it critical for users to upgrade to secure versions to mitigate exposure.

References

http://lists.gnutls.org/pipermail/gnutls-help/2014-Januar...

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1101734

x_refsource_MISC

http://secunia.com/advisories/59086

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jun 10, 2014
Vulnerability Reserved
May 14, 2014