CVE-2013-4487

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-4487 at MITRE

Description

Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

SUSE information

SUSE Bugzilla entries: 848510, 848621

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • gnutls >= 3.2.4-2.5.1
  • gnutls-debuginfo >= 3.2.4-2.5.1
  • gnutls-debugsource >= 3.2.4-2.5.1
  • libgnutls-devel >= 3.2.4-2.5.1
  • libgnutls-devel-32bit >= 3.2.4-2.5.1
  • libgnutls-openssl-devel >= 3.2.4-2.5.1
  • libgnutls-openssl27 >= 3.2.4-2.5.1
  • libgnutls-openssl27-debuginfo >= 3.2.4-2.5.1
  • libgnutls28 >= 3.2.4-2.5.1
  • libgnutls28-32bit >= 3.2.4-2.5.1
  • libgnutls28-debuginfo >= 3.2.4-2.5.1
  • libgnutls28-debuginfo-32bit >= 3.2.4-2.5.1
  • libgnutlsxx-devel >= 3.2.4-2.5.1
  • libgnutlsxx28 >= 3.2.4-2.5.1
  • libgnutlsxx28-debuginfo >= 3.2.4-2.5.1
Patchnames:
openSUSE-2013-858