4559 matches found
gnutls: Use-of-uninitialized-value in mpn_cmp
Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=4828633380159488 Project: gnutls Fuzzer: libFuzzer_gnutls_client_fuzzer Fuzz target binary: gnutls_client_fuzzer Job Type: libfuzzer_msan_gnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...
SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1)
This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding bsc1043398 - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding bsc1034173 - Address read of 4 bytes past the end of...
SUSE-SU-2017:1838-1 Security update for gnutls
This update for gnutls fixes the following issues: - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding bsc1043398 - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding bsc1034173 - Address read of 4 bytes past the end of...
[ASA-201707-6] lib32-gnutls: denial of service
Arch Linux Security Advisory ASA-201707-6 ========================================= Severity: Medium Date : 2017-07-11 CVE-ID : CVE-2017-7507 Package : lib32-gnutls Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-295 Summary ======= The package lib32-gnutls before...
gnutls: Use-of-uninitialized-value in ecc_256_modq
Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6126560014761984 Project: gnutls Fuzzer: libFuzzer_gnutls_client_fuzzer Fuzz target binary: gnutls_client_fuzzer Job Type: libfuzzer_msan_gnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...
gnutls: Use-of-uninitialized-value in nettle_pss_verify_mgf1
Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5211986457526272 Project: gnutls Fuzzer: libFuzzer_gnutls_client_fuzzer Fuzz target binary: gnutls_client_fuzzer Job Type: libfuzzer_msan_gnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...
EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1115)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function...
gnutls: Use-of-uninitialized-value in nettle_pkcs1_encrypt
Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6091382018015232 Project: gnutls Fuzzer: libFuzzer_gnutls_client_fuzzer Fuzz target binary: gnutls_client_fuzzer Job Type: libfuzzer_msan_gnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...
GnuTLS status_request Extension Null Pointer Dereference (CVE-2017-7507)
A denial of service vulnerability exists in the GnuTLS library. The vulnerability is due to improper parsing of certain values in the status_request extension. A remote attacker can exploit this vulnerability by sending a crafted Client Hello to the target server...
The vulnerability of the `cdk_pk_get_keyid` function in the `lib/opencdk/pubkey.c` component of the operating system OpenSUSE Leap and the GnuTLS library allows an attacker to cause undefined behavior.
The vulnerability of the cdk_pk_get_keyid function in the lib/opencdk/pubkey.c component of the OpenSUSE Leap operating system and the GnuTLS library is caused by a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker, operating remotely, to exert unpredictable effects...
USN-3318-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service...
USN-3309-1: Libtasn1 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute...
GnuTLS Null Pointer Dereference Vulnerability
GnuTLS is an open source implementation of SSL, TLS and DTLS. A security vulnerability exists in GnuTLS decoding stateful responses to TLS extensions, which allows remote attackers to exploit the vulnerability by submitting a special request that crashes the GnuTLS server...
CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...
Null pointer dereference
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...
ALPINE-CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...