The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing request (CSR), related to generating key IDs.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/59991 | third party advisory |
| http://rhn.redhat.com/errata/RHSA-2014-1846.html | third party advisory, vendor advisory |
| http://www.ubuntu.com/usn/USN-2403-1 | third party advisory, patch, vendor advisory |
| http://secunia.com/advisories/62294 | third party advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1161443 | issue tracking |
| http://secunia.com/advisories/62284 | third party advisory |
| http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html | third party advisory, vendor advisory |