ID CVE-2014-8564
Summary The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.24:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.25:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.26:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.1.27:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1161443
title CVE-2014-8564 gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment gnutls is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846005
      • comment gnutls is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429006
    • AND
      • comment gnutls-c++ is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846011
      • comment gnutls-c++ is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140684010
    • AND
      • comment gnutls-dane is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846013
      • comment gnutls-dane is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140684008
    • AND
      • comment gnutls-devel is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846009
      • comment gnutls-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429010
    • AND
      • comment gnutls-utils is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846007
      • comment gnutls-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429008
rhsa
id RHSA-2014:1846
released 2014-11-12
severity Moderate
title RHSA-2014:1846: gnutls security update (Moderate)
rpms
  • gnutls-0:3.1.18-10.el7_0
  • gnutls-c++-0:3.1.18-10.el7_0
  • gnutls-dane-0:3.1.18-10.el7_0
  • gnutls-devel-0:3.1.18-10.el7_0
  • gnutls-utils-0:3.1.18-10.el7_0
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1161443
secunia
  • 59991
  • 62284
  • 62294
suse openSUSE-SU-2014:1472
ubuntu USN-2403-1
Last major update 30-10-2018 - 16:27
Published 13-11-2014 - 21:32
Back to Top