Vulnerability Description
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gnutls | 3.1.0 |
Related Weaknesses (CWE)
References
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049Patch
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050Patch
- http://www.gnutls.org/security.html#GNUTLS-SA-2013-3Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/10/25/2
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049Patch
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050Patch
- http://www.gnutls.org/security.html#GNUTLS-SA-2013-3Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/10/25/2
FAQ
What is CVE-2013-4466?
CVE-2013-4466 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption...
How severe is CVE-2013-4466?
CVE-2013-4466 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4466?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls.