Buffer Overflow Vulnerability in GnuTLS by GnuTLS
CVE-2014-3466
Summary
A buffer overflow exists in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS. A remote server can trigger it by sending an excessively long session ID in a ServerHello message, causing a denial of service through memory corruption or, in more severe cases, arbitrary code execution. The vulnerability affects various versions of GnuTLS prior to the specified patches, so users should upgrade to a patched version.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
20% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Public PoC available
Exploit known to exist
Vulnerability Reserved