CVE-2014-3465

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 10 June 2014

Summary

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

References

http://lists.gnutls.org/pipermail/gnutls-help/2014-Januar...

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1101734

x_refsource_MISC

http://secunia.com/advisories/59086

third-party-advisoryx_refsource_SECUNIA

EPSS Score

4% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2014
Vulnerability Reserved
May 14, 2014