#VU32530 Buffer overflow in GnuTLS - CVE-2014-3466

Cybersecurity Help s.r.o.

Published: 2014-06-03 | Updated: 2020-07-28

Vulnerability identifier: #VU32530

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-3466

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GnuTLS
Universal components / Libraries / Libraries used by multiple products

Vendor: GnuTLS

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Mitigation
Install update from vendor's website.

Vulnerable software versions

GnuTLS: 3.1.0 - 3.3.3

External links
https://linux.oracle.com/errata/ELSA-2014-0594.html
https://linux.oracle.com/errata/ELSA-2014-0595.html
https://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
https://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
https://rhn.redhat.com/errata/RHSA-2014-0594.html
https://rhn.redhat.com/errata/RHSA-2014-0595.html
https://rhn.redhat.com/errata/RHSA-2014-0684.html
https://rhn.redhat.com/errata/RHSA-2014-0815.html
https://secunia.com/advisories/58340
https://secunia.com/advisories/58598
https://secunia.com/advisories/58601
https://secunia.com/advisories/58642
https://secunia.com/advisories/59016
https://secunia.com/advisories/59021
https://secunia.com/advisories/59057
https://secunia.com/advisories/59086
https://secunia.com/advisories/59408
https://secunia.com/advisories/59838
https://secunia.com/advisories/60384
https://www.debian.org/security/2014/dsa-2944
https://www.gnutls.org/security.html
https://www.novell.com/support/kb/doc.php?id=7015302
https://www.novell.com/support/kb/doc.php?id=7015303
https://www.securityfocus.com/bid/67741
https://www.securitytracker.com/id/1030314
https://www.ubuntu.com/usn/USN-2229-1
https://www-01.ibm.com/support/docview.wss?uid=swg21678776
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE Linux update for GnuTLS

Gentoo update for GnuTLS

Slackware Linux update for gnutls

Amazon Linux AMI update for gnutls

SUSE Linux update for gnutls

Buffer overflow in gnutls (Alpine package)

Buffer overflow in GnuTLS