N/A

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

N/A

N/A

GnuTLS ‘libdane/dane.c’数字错误漏洞

GnuTLS是比利时Nikos Mavrogiannopoulos和瑞典Simon Josefsson软件开发者共同研发的一个免费的用于实现SSL、TLS和DTLS协议的安全通信库。 GnuTLS 3.1.15之前的3.1.x版本和3.2.5之前的3.2.x版本中的DANE库(libdane)中的‘dane_raw_tlsa’方法中存在大小差一错误。远程攻击者可通过向‘data_entries’参数传递大于4的值，利用该漏洞造成拒绝服务（内存损坏）。

N/A

N/A