Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
GNU GnuTLS 3.1.13
GNU GnuTLS 3.1.12
GNU GnuTLS 3.1.11
GNU GnuTLS 3.1.10
GNU GnuTLS 3.1.9
GNU GnuTLS 3.1.8
GNU GnuTLS 3.1.7
GNU GnuTLS 3.1.6
GNU GnuTLS 3.1.5
GNU GnuTLS 3.1.4
GNU GnuTLS 3.1.3
GNU GnuTLS 3.1.2
GNU GnuTLS 3.1.1
GNU GnuTLS 3.1.0
GNU GnuTLS 3.2.5
GNU GnuTLS 3.2.4
GNU GnuTLS 3.2.3
GNU GnuTLS 3.2.2
GNU GnuTLS 3.2.1
GNU GnuTLS 3.2.0
GNU GnuTLS 3.1.15
GNU GnuTLS 3.1.14