Upstream information
CVE-2014-3465 at MITRE
Description
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
CVSS v2 Scores
| National Vulnerability Database |
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Bugzilla entry:
880733 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
Product(s) | Fixed package version(s) | References |
openSUSE 12.3 |
gnutls >= 3.0.28-1.14.1
gnutls-debuginfo >= 3.0.28-1.14.1
gnutls-debugsource >= 3.0.28-1.14.1
libgnutls-devel >= 3.0.28-1.14.1
libgnutls-devel-32bit >= 3.0.28-1.14.1
libgnutls-openssl-devel >= 3.0.28-1.14.1
libgnutls-openssl27 >= 3.0.28-1.14.1
libgnutls-openssl27-debuginfo >= 3.0.28-1.14.1
libgnutls28 >= 3.0.28-1.14.1
libgnutls28-32bit >= 3.0.28-1.14.1
libgnutls28-debuginfo >= 3.0.28-1.14.1
libgnutls28-debuginfo-32bit >= 3.0.28-1.14.1
libgnutlsxx-devel >= 3.0.28-1.14.1
libgnutlsxx28 >= 3.0.28-1.14.1
libgnutlsxx28-debuginfo >= 3.0.28-1.14.1
| Patchnames: openSUSE-2014-411 |
openSUSE 13.1 |
gnutls >= 3.2.4-2.24.1
gnutls-debuginfo >= 3.2.4-2.24.1
gnutls-debugsource >= 3.2.4-2.24.1
libgnutls-devel >= 3.2.4-2.24.1
libgnutls-devel-32bit >= 3.2.4-2.24.1
libgnutls-openssl-devel >= 3.2.4-2.24.1
libgnutls-openssl27 >= 3.2.4-2.24.1
libgnutls-openssl27-debuginfo >= 3.2.4-2.24.1
libgnutls28 >= 3.2.4-2.24.1
libgnutls28-32bit >= 3.2.4-2.24.1
libgnutls28-debuginfo >= 3.2.4-2.24.1
libgnutls28-debuginfo-32bit >= 3.2.4-2.24.1
libgnutlsxx-devel >= 3.2.4-2.24.1
libgnutlsxx28 >= 3.2.4-2.24.1
libgnutlsxx28-debuginfo >= 3.2.4-2.24.1
| Patchnames: openSUSE-2014-411 |