CVE-2013-4487

Published: Nov 20, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

Affected (23)

Products: Gnu: Gnutls · Opensuse: Opensuse

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gnu Gnutls	Version 3.2.0
Gnu Gnutls	Version 3.2.1
Gnu Gnutls	Version 3.2.2
Gnu Gnutls	Version 3.2.3
Gnu Gnutls	Version 3.2.4
Gnu Gnutls	Version 3.2.5

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
Gnu Gnutls	Version 3.1.0
Gnu Gnutls	Version 3.1.10
Gnu Gnutls	Version 3.1.11
Gnu Gnutls	Version 3.1.12
Gnu Gnutls	Version 3.1.13
Gnu Gnutls	Version 3.1.14
Gnu Gnutls	Version 3.1.15
Gnu Gnutls	Version 3.1.1
Gnu Gnutls	Version 3.1.2
Gnu Gnutls	Version 3.1.3
Gnu Gnutls	Version 3.1.4
Gnu Gnutls	Version 3.1.5
Gnu Gnutls	Version 3.1.6
Gnu Gnutls	Version 3.1.7
Gnu Gnutls	Version 3.1.8
Gnu Gnutls	Version 3.1.9