Flutterby™! : CVE-2014-3466 GnuTLS bug


CVE-2014-3466 GnuTLS bug

2014-06-03 18:55:56.315751+02 by Dan Lyke 0 comments

Fuuuu, they just keep coming: Critical new bug in crypto library leaves Linux, apps open to drive-by attacks: Vulnerability in GnuTLS allows malicious sites to execute malicious code.

The bug is CVE-2014-3466.

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
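
The length check at issue in the description above, as an added example (not GnuTLS's code and not part of the original post). TLS defines `session_id` as at most 32 bytes; the struct, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32  /* TLS defines session_id as opaque<0..32> */

struct server_hello {
    uint8_t version[2], server_random[32], cipher_suite[2], compression;
    uint8_t session_id[TLS_MAX_SESSION_ID];
    size_t  session_id_len;
};

/* Parse a ServerHello body (handshake header already stripped).
 * Returns 0 on success, -1 if truncated, -2 if the session id is too long. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 0, sid_len;

    if (len < 2 + 32 + 1)                 /* version, random, length byte */
        return -1;
    memcpy(out->version, buf, 2);               pos += 2;
    memcpy(out->server_random, buf + pos, 32);  pos += 32;

    sid_len = buf[pos++];
    if (sid_len > TLS_MAX_SESSION_ID)     /* reject before any copy */
        return -2;
    if (len - pos < sid_len + 3)          /* id + cipher suite + compression */
        return -1;
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    pos += sid_len;

    memcpy(out->cipher_suite, buf + pos, 2);
    out->compression = buf[pos + 2];
    return 0;
}

/* Constructed sample input: a ServerHello body whose length byte is
 * declared_len and which carries body_len session id bytes. */
int parse_constructed(uint8_t declared_len, size_t body_len)
{
    uint8_t msg[35 + 255 + 3] = {0x03, 0x03};   /* TLS 1.2, zero random */
    struct server_hello sh;
    size_t n = 35;

    msg[34] = declared_len;
    memset(msg + n, 0xAB, body_len);  n += body_len;   /* body_len <= 255 */
    msg[n] = 0x00; msg[n + 1] = 0x2f; msg[n + 2] = 0x00;  /* suite, null compression */
    return parse_server_hello(msg, n + 3, &sh);
}
```

The length byte is compared against the destination size before `memcpy`, and separately against the bytes actually remaining in the message.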

