Submitted by Vincent (CVE) Danen on Fri, 09/18/2015 - 05:33
A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code.
Bugzilla 1101932: CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)
Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter.
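The class of check the description above refers to, as an added example (this is not GnuTLS source code or the upstream patch): a ServerHello session ID parser that validates the length byte against both the RFC 5246 maximum of 32 bytes and the bytes actually received before copying. The names `parse_server_hello_sid`, `check_sample` and `struct session_id` are hypothetical, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32  /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED 34         /* server_version (2) + random (32) */

struct session_id { uint8_t len; uint8_t data[TLS_MAX_SESSION_ID]; };

/* Parse the session ID from a ServerHello body (the bytes after the 4-byte
 * handshake header). Returns 0 on success, -1 on malformed input. */
int parse_server_hello_sid(const uint8_t *body, size_t body_len,
                           struct session_id *out)
{
    if (body_len < HELLO_FIXED + 1)
        return -1;                      /* no room for the length byte */
    size_t sid_len = body[HELLO_FIXED]; /* attacker-controlled, 0..255 */

    /* Check 1: never exceed the protocol maximum, which is also the size
     * of the destination buffer. Omitting this is the overflow case. */
    if (sid_len > TLS_MAX_SESSION_ID)
        return -1;
    /* Check 2: the claimed bytes, plus cipher suite (2) and compression
     * method (1), must actually be present in the message. */
    if (body_len - (HELLO_FIXED + 1) < sid_len + 3)
        return -1;

    memcpy(out->data, body + HELLO_FIXED + 1, sid_len);
    out->len = (uint8_t)sid_len;
    return 0;
}

/* Build a constructed ServerHello body that claims `claimed` session ID
 * bytes but carries `present` of them, then run it through the parser. */
int check_sample(uint8_t claimed, size_t present)
{
    uint8_t body[HELLO_FIXED + 1 + 255 + 3] = {0x03, 0x03}; /* TLS 1.2 */
    struct session_id sid;
    size_t n = HELLO_FIXED;
    if (present > 255)
        return -1;
    body[n++] = claimed;
    memset(body + n, 0xAB, present); n += present;
    body[n++] = 0x00; body[n++] = 0x2F; /* cipher suite */
    body[n++] = 0x00;                   /* null compression */
    return parse_server_hello_sid(body, n, &sid);
}

int main(void)
{
    printf("claimed 32:  %d\n", check_sample(32, 32));
    printf("claimed 200: %d\n", check_sample(200, 200));
    return 0;
}
```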
Red Hat Security Errata
|Platform|Errata|Release Date|
|---|---|---|
|Red Hat Enterprise Linux 7 (gnutls)|RHSA-2014:0684|2014-06-10|
|Red Hat Enterprise Linux 6 (gnutls)|RHSA-2014:0595|2014-06-03|
|RHEV Hypervisor for RHEL-6 (rhev-hypervisor6)|RHSA-2014:0815|2014-06-30|
|Red Hat Enterprise Linux 5 (gnutls)|RHSA-2014:0594|2014-06-03|
Affected Packages State
|Platform|Package|State|
|---|---|---|
|Red Hat Enterprise Linux 6|mingw32-gnutls|Will not fix|
|Red Hat Enterprise Linux 4|gnutls|Will not fix|