CVE-2013-4487 - Numeric Errors vulnerability in multiple products
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Gnu | 22 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-20628.NASL
- description: Minor security update from upstream. New minor upstream release fixing a security issue. Adds ECC NIST Suite B curves support (ECDH, ECDSA). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-11-18
- plugin id: 70939
- published: 2013-11-18
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70939
- title: Fedora 19 : gnutls-3.1.16-1.fc19 (2013-20628)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2013-858.NASL
- description: The following security issue was fixed: Fix bug [bnc#848510], CVE-2013-4487 (off-by-one security fix in libdane)
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 75201
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75201
- title: openSUSE Security Update : gnutls (openSUSE-SU-2013:1714-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-20662.NASL
- description: Minor security update from upstream. New minor upstream release fixing a security issue. Adds ECC NIST Suite B curves support (ECDH, ECDSA). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-11-11
- plugin id: 70832
- published: 2013-11-11
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70832
- title: Fedora 20 : gnutls-3.1.16-1.fc20 (2013-20662)
References
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html
- http://www.openwall.com/lists/oss-security/2013/10/31/4
- https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc