Vulnerability DatabaseCVE-2014-3466
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-3466
Published:June 03, 2014
Updated:May 17, 2026
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Related Resources (35)
https://security-tracker.debian.org/tracker/CVE-2014-3466
http://linux.oracle.com/errata/ELSA-2014-0594.html
http://secunia.com/advisories/58340
http://secunia.com/advisories/59408
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
http://www-01.ibm.com/support/docview.wss?uid=swg21678776
http://www.securitytracker.com/id/1030314
https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
http://secunia.com/advisories/59086
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
http://secunia.com/advisories/59016
http://www.gnutls.org/security.html
http://secunia.com/advisories/59838
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
http://secunia.com/advisories/58598
http://secunia.com/advisories/59057
http://www.ubuntu.com/usn/USN-2229-1
http://rhn.redhat.com/errata/RHSA-2014-0594.html
http://www.novell.com/support/kb/doc.php?id=7015303
http://rhn.redhat.com/errata/RHSA-2014-0684.html
http://secunia.com/advisories/58642
http://secunia.com/advisories/60384
http://rhn.redhat.com/errata/RHSA-2014-0595.html
http://linux.oracle.com/errata/ELSA-2014-0595.html
http://rhn.redhat.com/errata/RHSA-2014-0815.html
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
http://secunia.com/advisories/59021
http://secunia.com/advisories/58601
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
https://access.redhat.com/security/cve/CVE-2014-3466
http://www.debian.org/security/2014/dsa-2944
http://www.novell.com/support/kb/doc.php?id=7015302
http://www.securityfocus.com/bid/67741
Do you need more information?
Contact Us
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
13.71