ID CVE-2013-4487
Summary Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc
mlist [oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow
suse openSUSE-SU-2013:1714
Last major update 30-10-2018 - 16:27
Published 20-11-2013 - 14:12
Last modified 30-10-2018 - 16:27