First published: Fri Nov 07 2014
Issue Description: An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/gnutls | <3.1.28 | 3.1.28 |
redhat/gnutls | <3.2.20 | 3.2.20 |
redhat/gnutls | <3.3.10 | 3.3.10 |
GNU GnuTLS | =3.0 | |
GNU GnuTLS | =3.0.0 | |
GNU GnuTLS | =3.0.1 | |
GNU GnuTLS | =3.0.2 | |
GNU GnuTLS | =3.0.3 | |
GNU GnuTLS | =3.0.4 | |
GNU GnuTLS | =3.0.5 | |
GNU GnuTLS | =3.0.6 | |
GNU GnuTLS | =3.0.7 | |
GNU GnuTLS | =3.0.8 | |
GNU GnuTLS | =3.0.9 | |
GNU GnuTLS | =3.0.10 | |
GNU GnuTLS | =3.0.11 | |
GNU GnuTLS | =3.0.12 | |
GNU GnuTLS | =3.0.13 | |
GNU GnuTLS | =3.0.14 | |
GNU GnuTLS | =3.0.15 | |
GNU GnuTLS | =3.0.16 | |
GNU GnuTLS | =3.0.17 | |
GNU GnuTLS | =3.0.18 | |
GNU GnuTLS | =3.0.19 | |
GNU GnuTLS | =3.0.20 | |
GNU GnuTLS | =3.0.21 | |
GNU GnuTLS | =3.0.22 | |
GNU GnuTLS | =3.0.23 | |
GNU GnuTLS | =3.0.24 | |
GNU GnuTLS | =3.0.25 | |
GNU GnuTLS | =3.0.26 | |
GNU GnuTLS | =3.0.27 | |
GNU GnuTLS | =3.0.28 | |
GNU GnuTLS | =3.1.0 | |
GNU GnuTLS | =3.1.1 | |
GNU GnuTLS | =3.1.2 | |
GNU GnuTLS | =3.1.3 | |
GNU GnuTLS | =3.1.4 | |
GNU GnuTLS | =3.1.5 | |
GNU GnuTLS | =3.1.6 | |
GNU GnuTLS | =3.1.7 | |
GNU GnuTLS | =3.1.8 | |
GNU GnuTLS | =3.1.9 | |
GNU GnuTLS | =3.1.10 | |
GNU GnuTLS | =3.1.11 | |
GNU GnuTLS | =3.1.12 | |
GNU GnuTLS | =3.1.13 | |
GNU GnuTLS | =3.1.14 | |
GNU GnuTLS | =3.1.15 | |
GNU GnuTLS | =3.1.16 | |
GNU GnuTLS | =3.1.17 | |
GNU GnuTLS | =3.1.18 | |
GNU GnuTLS | =3.1.19 | |
GNU GnuTLS | =3.1.20 | |
GNU GnuTLS | =3.1.21 | |
GNU GnuTLS | =3.1.22 | |
GNU GnuTLS | =3.1.23 | |
GNU GnuTLS | =3.1.24 | |
GNU GnuTLS | =3.1.25 | |
GNU GnuTLS | =3.1.26 | |
GNU GnuTLS | =3.1.27 | |
GNU GnuTLS | =3.2.0 | |
GNU GnuTLS | =3.2.1 | |
GNU GnuTLS | =3.2.2 | |
GNU GnuTLS | =3.2.3 | |
GNU GnuTLS | =3.2.4 | |
GNU GnuTLS | =3.2.5 | |
GNU GnuTLS | =3.2.6 | |
GNU GnuTLS | =3.2.7 | |
GNU GnuTLS | =3.2.8 | |
GNU GnuTLS | =3.2.8.1 | |
GNU GnuTLS | =3.2.9 | |
GNU GnuTLS | =3.2.10 | |
GNU GnuTLS | =3.2.11 | |
GNU GnuTLS | =3.2.12 | |
GNU GnuTLS | =3.2.12.1 | |
GNU GnuTLS | =3.2.13 | |
GNU GnuTLS | =3.2.14 | |
GNU GnuTLS | =3.2.15 | |
GNU GnuTLS | =3.2.16 | |
GNU GnuTLS | =3.2.17 | |
GNU GnuTLS | =3.2.18 | |
GNU GnuTLS | =3.2.19 | |
GNU GnuTLS | =3.3.0 | |
GNU GnuTLS | =3.3.0-pre0 | |
GNU GnuTLS | =3.3.1 | |
GNU GnuTLS | =3.3.2 | |
GNU GnuTLS | =3.3.3 | |
GNU GnuTLS | =3.3.4 | |
GNU GnuTLS | =3.3.5 | |
GNU GnuTLS | =3.3.6 | |
GNU GnuTLS | =3.3.7 | |
GNU GnuTLS | =3.3.8 | |
GNU GnuTLS | =3.3.9 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Hpc Node | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
openSUSE openSUSE | =12.3 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
Canonical Ubuntu Linux | =14.10 | |