CVE-2013-4487

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-4487 at MITRE

Description

Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 4.96
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
SUSE Bugzilla entries: 848510 [RESOLVED / FIXED], 848621 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s): openSUSE 13.1
Fixed package version(s):
  • gnutls >= 3.2.4-2.5.1
  • gnutls-debuginfo >= 3.2.4-2.5.1
  • gnutls-debugsource >= 3.2.4-2.5.1
  • libgnutls-devel >= 3.2.4-2.5.1
  • libgnutls-devel-32bit >= 3.2.4-2.5.1
  • libgnutls-openssl-devel >= 3.2.4-2.5.1
  • libgnutls-openssl27 >= 3.2.4-2.5.1
  • libgnutls-openssl27-debuginfo >= 3.2.4-2.5.1
  • libgnutls28 >= 3.2.4-2.5.1
  • libgnutls28-32bit >= 3.2.4-2.5.1
  • libgnutls28-debuginfo >= 3.2.4-2.5.1
  • libgnutls28-debuginfo-32bit >= 3.2.4-2.5.1
  • libgnutlsxx-devel >= 3.2.4-2.5.1
  • libgnutlsxx28 >= 3.2.4-2.5.1
  • libgnutlsxx28-debuginfo >= 3.2.4-2.5.1
References:
Patchnames: openSUSE-2013-858