gnutls: Memory corruption before 3.1.25, 3.2.15 and 3.3.4 (CVE-2014-3466)
http://www.gnutls.org/security.html\#GNUTLS-SA-2014-3
This vulnerability affects the client side of the gnutls library. A
server that sends a specially crafted ServerHello could corrupt the
memory of a requesting client.
Analysis at
radare.today
Recommendation: Upgrade to the latest gnutls version (3.1.25, 3.2.15 or
3.3.4)
(from redmine: issue id 2985, created on 2014-06-04, closed on 2014-06-09)
- Relations:
- child #2986 (closed)
- child #2987 (closed)
- child #2988 (closed)
- Changesets:
- Revision f8e32af7 by Timo Teräs on 2014-06-04T10:29:47Z:
main/gnutls: security upgrade to 3.3.4 (CVE-2014-3466)
ref #2985