Upstream information

CVE-2014-3465 at MITRE

Description

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 880733 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • gnutls >= 3.0.28-1.14.1
  • gnutls-debuginfo >= 3.0.28-1.14.1
  • gnutls-debugsource >= 3.0.28-1.14.1
  • libgnutls-devel >= 3.0.28-1.14.1
  • libgnutls-devel-32bit >= 3.0.28-1.14.1
  • libgnutls-openssl-devel >= 3.0.28-1.14.1
  • libgnutls-openssl27 >= 3.0.28-1.14.1
  • libgnutls-openssl27-debuginfo >= 3.0.28-1.14.1
  • libgnutls28 >= 3.0.28-1.14.1
  • libgnutls28-32bit >= 3.0.28-1.14.1
  • libgnutls28-debuginfo >= 3.0.28-1.14.1
  • libgnutls28-debuginfo-32bit >= 3.0.28-1.14.1
  • libgnutlsxx-devel >= 3.0.28-1.14.1
  • libgnutlsxx28 >= 3.0.28-1.14.1
  • libgnutlsxx28-debuginfo >= 3.0.28-1.14.1
Patchnames:
openSUSE-2014-411
openSUSE 13.1
  • gnutls >= 3.2.4-2.24.1
  • gnutls-debuginfo >= 3.2.4-2.24.1
  • gnutls-debugsource >= 3.2.4-2.24.1
  • libgnutls-devel >= 3.2.4-2.24.1
  • libgnutls-devel-32bit >= 3.2.4-2.24.1
  • libgnutls-openssl-devel >= 3.2.4-2.24.1
  • libgnutls-openssl27 >= 3.2.4-2.24.1
  • libgnutls-openssl27-debuginfo >= 3.2.4-2.24.1
  • libgnutls28 >= 3.2.4-2.24.1
  • libgnutls28-32bit >= 3.2.4-2.24.1
  • libgnutls28-debuginfo >= 3.2.4-2.24.1
  • libgnutls28-debuginfo-32bit >= 3.2.4-2.24.1
  • libgnutlsxx-devel >= 3.2.4-2.24.1
  • libgnutlsxx28 >= 3.2.4-2.24.1
  • libgnutlsxx28-debuginfo >= 3.2.4-2.24.1
Patchnames:
openSUSE-2014-411