CVE-2014-3466

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.gnutls.org/security.html", "name": "http://www.gnutls.org/security.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2014/dsa-2944", "name": "DSA-2944", "tags": [], "refsource": "DEBIAN"}, {"url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd", "name": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd", "tags": ["Exploit", "Patch"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932", "tags": [], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html", "name": "RHSA-2014:0594", "tags": [], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html", "name": "openSUSE-SU-2014:0767", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/58601", "name": "58601", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/59016", "name": "59016", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/58642", "name": "58642", "tags": [], "refsource": "SECUNIA"}, {"url": "http://linux.oracle.com/errata/ELSA-2014-0595.html", "name": "http://linux.oracle.com/errata/ELSA-2014-0595.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/58340", "name": "58340", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/58598", "name": "58598", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html", "name": "openSUSE-SU-2014:0763", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/59057", "name": "59057", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/59021", "name": "59021", "tags": [], "refsource": "SECUNIA"}, {"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/59086", "name": "59086", "tags": [], "refsource": "SECUNIA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html", "name": "RHSA-2014:0815", "tags": [], "refsource": "REDHAT"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/59838", "name": "59838", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id/1030314", "name": "1030314", "tags": [], "refsource": "SECTRACK"}, {"url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/", "name": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/67741", "name": "67741", "tags": [], "refsource": "BID"}, {"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155", "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.novell.com/support/kb/doc.php?id=7015303", "name": "http://www.novell.com/support/kb/doc.php?id=7015303", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.novell.com/support/kb/doc.php?id=7015302", "name": "http://www.novell.com/support/kb/doc.php?id=7015302", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/60384", "name": "60384", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/59408", "name": "59408", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/USN-2229-1", "name": "USN-2229-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html", "name": "RHSA-2014:0684", "tags": [], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html", "name": "RHSA-2014:0595", "tags": [], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html", "name": "SUSE-SU-2014:0788", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html", "name": "SUSE-SU-2014:0758", "tags": [], "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3466", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-06-03T14:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1.24"}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-29T02:29Z"}