CVE-2014-3465

Description

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

How to fix CVE-2014-3465

To remediate CVE-2014-3465, upgrade the affected package to a fixed version below.

• Debian/gnutls28—upgrade to 3.2.10-1 or later

Is CVE-2014-3465 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.2.10-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-3465