Buffer Overflow Vulnerability in GnuTLS by GnuTLS
CVE-2014-3466

Currently unrated

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 3 June 2014

Badges

👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 20%

Summary

A buffer overflow exists in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS. A remote server can trigger it by sending an excessively long session ID in a ServerHello message, causing a denial of service through memory corruption or, in more severe cases, executing arbitrary code. The vulnerability affects various versions of GnuTLS prior to the specified patches, so users should upgrade to a patched version.
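The length check that this class of bug calls for, shown as an added illustration that is not GnuTLS source code. The function name parse_server_hello_sid and the struct are hypothetical; the 32-byte limit is the SessionID bound from RFC 5246, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_RANDOM_SIZE    32
#define TLS_MAX_SESSION_ID 32 /* RFC 5246: opaque SessionID<0..32> */

struct session_id {
    uint8_t len;
    uint8_t data[TLS_MAX_SESSION_ID];
};

/* ServerHello body layout (TLS 1.2):
 *   version(2) | random(32) | sid_len(1) | sid(sid_len) | suite(2) | comp(1)
 * Returns 0 on success, -1 if the message is truncated or sid_len is out
 * of range. Nothing is copied unless every check passes. */
int parse_server_hello_sid(const uint8_t *msg, size_t msg_len,
                           struct session_id *out)
{
    size_t pos = 2 + TLS_RANDOM_SIZE;

    if (msg == NULL || out == NULL || msg_len < pos + 1)
        return -1;
    uint8_t sid_len = msg[pos++];

    /* Bound the peer-supplied length by the destination buffer's size. */
    if (sid_len > TLS_MAX_SESSION_ID)
        return -1;
    /* It must also fit in the bytes actually received, with room left
     * for the cipher suite (2) and compression method (1). */
    if (msg_len - pos < (size_t)sid_len + 3)
        return -1;

    memcpy(out->data, msg + pos, sid_len);
    out->len = sid_len;
    return 0;
}

int main(void)
{
    uint8_t msg[2 + TLS_RANDOM_SIZE + 1 + 255 + 3] = {0}; /* constructed sample */
    struct session_id sid;
    msg[34] = 32;  /* largest legal session ID */
    printf("len=32  -> %d\n", parse_server_hello_sid(msg, sizeof msg, &sid));
    msg[34] = 200; /* oversized length field */
    printf("len=200 -> %d\n", parse_server_hello_sid(msg, sizeof msg, &sid));
    return 0;
}
```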

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved