CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.1371 (13.7%)
Percentile: 94.3%
EPSS: 2026-05-06
Affects
gnu:gnutlsTechnical description
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Published: 6/3/2014, 2:55:10 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://linux.oracle.com/errata/ELSA-2014-0594.html
- http://linux.oracle.com/errata/ELSA-2014-0595.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
- http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
- http://rhn.redhat.com/errata/RHSA-2014-0594.html