Loading...

Knowledge Center


Network Security Manager/Sensor response to CVE-2014-3466 (not vulnerable)
Technical Articles ID:   KB82182
Last Modified:  10/24/2017

Environment

Network Security Manager software
Network Security Platform Sensor software

Summary

CVE-2014-3466  describes a buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4. A successful exploit allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session ID in a ServerHello message.

For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466

Solution

The Network Security Manager and Sensor are not vulnerable to CVE-2014-3466 because they do not use GnuTLS.

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.