GnuTLS 3.3.3 remote memory corruption (CVE-2014-3466)
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before
3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via a long session id in a ServerHello message.
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1751,7 +1751,7 @@
DECR_LEN(len, 1);
session_id_len = data[pos++];
- if (len < session_id_len) {
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
gnutls_assert();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
}
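Review bot: The added condition `session_id_len > TLS_MAX_SESSION_ID_SIZE` on the changed line reuses the existing error path, so an oversized session id is reported as GNUTLS_E_UNSUPPORTED_VERSION_PACKET, which misdescribes the failure to callers and in logs. Consider splitting the two conditions so the size violation returns a length-related error. A one-line comment would also help: `len < session_id_len` only bounds the read from the packet, while the new comparison bounds the later write, and nothing in this hunk shows that later use. A regression test with a ServerHello carrying a session id longer than TLS_MAX_SESSION_ID_SIZE would keep the check from being dropped.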
ref: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
https://gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
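To illustrate the description above, here is an added example; it is not GnuTLS code and not part of the original post. It is a minimal C parser for the start of a ServerHello body that checks the session id length against both the remaining message bytes and the destination size. The struct, the function names and the constructed sample message are assumptions made for illustration; 32 is the TLS maximum for a SessionID.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32 /* TLS: opaque SessionID<0..32> */
#define FIXED_PREFIX 34        /* server_version (2) + random (32) */

struct hello_info {            /* hypothetical holder for the parsed session id */
    uint8_t session_id[MAX_SESSION_ID_SIZE];
    uint8_t session_id_len;
};

/* Pre-patch logic: only compares the length byte with the bytes remaining. */
static int prepatch_accepts(size_t remaining, uint8_t sid_len)
{
    return remaining >= sid_len;
}

/* Parse a ServerHello body through the session id. 0 = ok, -1 = malformed. */
static int parse_server_hello(const uint8_t *data, size_t len, struct hello_info *out)
{
    size_t pos = FIXED_PREFIX;
    uint8_t sid_len;

    if (len < FIXED_PREFIX + 1)
        return -1;                       /* no room for the length byte */
    sid_len = data[pos++];
    if (len - pos < sid_len)             /* claimed length exceeds the message */
        return -1;
    if (sid_len > MAX_SESSION_ID_SIZE)   /* claimed length exceeds the destination */
        return -1;
    memcpy(out->session_id, data + pos, sid_len);
    out->session_id_len = sid_len;
    return 0;
}

/* Builds a constructed ServerHello body with a sid_len-byte session id,
   drops `cut` trailing bytes, and returns the parser's verdict. */
static int parse_constructed(uint8_t sid_len, size_t cut)
{
    uint8_t buf[FIXED_PREFIX + 1 + 255] = {3, 3}; /* TLS 1.2 version, zeroed random */
    struct hello_info info;
    size_t n = (size_t)FIXED_PREFIX + 1 + sid_len;

    buf[FIXED_PREFIX] = sid_len;
    memset(buf + FIXED_PREFIX + 1, 0xAB, sid_len);
    return parse_server_hello(buf, n - cut, &info);
}

int main(void)
{
    printf("pre-patch check, 200-byte id: %d\n", prepatch_accepts(200, 200));
    printf("hardened parser, 200-byte id: %d\n", parse_constructed(200, 0));
    printf("hardened parser, 32-byte id:  %d\n", parse_constructed(32, 0));
    return 0;
}
```

A 200-byte session id that is fully present in the message satisfies the remaining-length comparison, which is why the patch adds the second bound.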