Lucene search

K
freebsdFreeBSDEC6A2A1E-429D-11E5-9DAA-14DAE9D210B8
HistoryJul 20, 2015 - 12:00 a.m.

gnutls -- double free in certificate DN decoding

2015-07-2000:00:00
vuxml.freebsd.org
10

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.187

Percentile

96.3%

gnutls.org reports:

Kurt Roeckx reported that decoding a specific certificate with very
long DistinguishedName (DN) entries leads to double free, which may
result to a denial of service. Since the DN decoding occurs in almost
all applications using certificates it is recommended to upgrade the
latest GnuTLS version fixing the issue. Recommendation: Upgrade to
GnuTLS 3.4.4, or 3.3.17.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgnutls< 3.3.17UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.187

Percentile

96.3%