Lucene search
K

19 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.40 views

K37830055: GnuTLS vulnerability CVE-2017-7507

Security Advisory Description GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVE-2017-7507 Impact An attacker may be able to exploit this...

7.5CVSS7.4AI score0.0341EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2017-0212)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.0341EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/23 1:45 a.m.35 views

Security Bulletin: Vulnerabilities in GnuTLS affect Power Hardware Management Console

Summary GnuTLS is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7869 DESCRIPTION: GnuTLS is vulnerable to a denial of service, caused by an integer overflow and heap-based buffer overflow in cdkpktread function in...

9.8CVSS1.3AI score0.32754EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1203)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.9AI score0.32754EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.34 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1204)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.9AI score0.32754EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/08/09 12:0 a.m.40 views

Oracle Linux 7 : gnutls (ELSA-2017-2292)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2292 advisory. - Address crash in OCSP status request extension, by eliminating the unneeded parsing CVE-2017-7507, 1455828 Tenable has extracted the preceding...

9.8CVSS8.2AI score0.32754EPSS
Exploits0References8
Mageia
Mageia
added 2017/07/22 9:36 a.m.36 views

Updated gnutls packages fix security vulnerabilities

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...

7.5CVSS3.9AI score0.0341EPSS
Exploits0References4
OSV
OSV
added 2017/07/22 9:36 a.m.11 views

MGASA-2017-0212 Updated gnutls packages fix security vulnerabilities

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10. CVE-2017-7869 GnuTLS version 3.5.1...

7.5CVSS7.5AI score0.0341EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.46 views

Fedora 26 : mingw-gnutls (2017-7936341c80)

https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

7.5CVSS7.4AI score0.0341EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.30 views

openSUSE Security Update : gnutls (openSUSE-2017-824)

This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding bsc1043398 - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding bsc1034173 - Address read of 4 bytes past the end of...

7.5CVSS7.6AI score0.0341EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/07/12 12:0 a.m.43 views

SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1)

This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding bsc1043398 - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding bsc1034173 - Address read of 4 bytes past the end of...

7.5CVSS7.6AI score0.0341EPSS
Exploits0References8
ArchLinux
ArchLinux
added 2017/07/11 12:0 a.m.28 views

[ASA-201707-6] lib32-gnutls: denial of service

Arch Linux Security Advisory ASA-201707-6 ========================================= Severity: Medium Date : 2017-07-11 CVE-ID : CVE-2017-7507 Package : lib32-gnutls Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-295 Summary ======= The package lib32-gnutls before...

7.5CVSS1.9AI score0.0341EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2017/07/05 12:0 a.m.4 views

GnuTLS status_request Extension Null Pointer Dereference (CVE-2017-7507)

A denial of service vulnerability exists in the GnuTLS library. The vulnerability is due to improper parsing of certain values in the statusrequest extension. A remote attacker can exploit this vulnerability by sending a crafted Client Hello to the target server...

5CVSS4.5AI score0.0341EPSS
Exploits0
CVE
CVE
added 2017/06/16 7:0 p.m.197 views

CVE-2017-7507

CVE-2017-7507 affects GnuTLS 3.5.12 and earlier, which are vulnerable to a NULL pointer dereference when decoding a status_request extension in ClientHello, potentially crashing the server. Several connected advisories confirm the issue and provide remediation: upgrade to GnuTLS 3.5.13 or newer (...

7.5CVSS7.2AI score0.0341EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2017/06/16 7:0 p.m.25 views

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

7.5CVSS7.5AI score0.0341EPSS
Exploits0
Debian
Debian
added 2017/06/16 5:3 p.m.27 views

[SECURITY] [DSA 3884-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 16, 2017 https://www.debian.org/security/faq -...

5CVSS2.3AI score0.0341EPSS
Exploits0
Debian
Debian
added 2017/06/16 5:3 p.m.26 views

[SECURITY] [DSA 3884-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 16, 2017 https://www.debian.org/security/faq -...

7.5CVSS7.5AI score0.0341EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/06/14 12:0 a.m.50 views

Ubuntu 14.04 LTS / 16.04 LTS : GnuTLS vulnerabilities (USN-3318-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3318-1 advisory. Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this...

7.5CVSS7.9AI score0.0341EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2017/06/13 5:1 p.m.65 views

USN-3318-1: GnuTLS vulnerabilities

Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. CVE-2017-7507 I...

7.5CVSS7.5AI score0.0341EPSS
Exploits0
Rows per page
Query Builder