Denial of Service Vulnerability in GnuTLS by GnuTLS
CVE-2014-3465
Currently unrated
Summary
The gnutls_x509_dn_oid_name function in GnuTLS versions 3.0 through 3.1.19 and 3.2.x prior to 3.2.10 is susceptible to a denial of service condition. This vulnerability can be exploited by remote attackers through the use of specially crafted X.509 certificates, which trigger a NULL pointer dereference due to a missing LDAP description for an Object Identifier (OID) during the Distinguished Name (DN) printing process. This issue may lead to service disruption, making it critical for users to upgrade to secure versions to mitigate exposure.
References
Timeline
Vulnerability published
Vulnerability Reserved