Описание
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 2.12.23-12ubuntu2.1 |
| lucid | released | 2.8.5-2ubuntu0.6 |
| precise | released | 2.12.14-5ubuntu3.8 |
| saucy | released | 2.12.23-1ubuntu4.3 |
| trusty | released | 2.12.23-12ubuntu2.1 |
| trusty/esm | not-affected | 2.12.23-12ubuntu2.1 |
| upstream | needs-triage | |
| utopic | released | 2.12.23-15ubuntu2 |
| vivid | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.2.15-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [3.2.11-2ubuntu1.1]] |
| lucid | DNE | |
| precise | released | 3.0.11-1ubuntu2.1 |
| saucy | ignored | end of life |
| trusty | released | 3.2.11-2ubuntu1.1 |
| trusty/esm | DNE | trusty was released [3.2.11-2ubuntu1.1] |
| upstream | released | 3.1.25,3.2.15,3.3.4 |
| utopic | not-affected | 3.2.15-1 |
| vivid | not-affected | 3.2.15-1 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Buffer overflow in the read_server_hello function in lib/gnutls_handsh ...
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
EPSS
6.8 Medium
CVSS2