
4559 matches found

CVE
added 2017/03/24 3:0 p.m., 151 views

CVE-2017-5337

CVE-2017-5337 is a GnuTLS vulnerability involving multiple heap-based buffer overflows in read_attribute triggered by crafted OpenPGP certificates. Affected versions are GnuTLS builds before 3.3.26 and 3.5.x before 3.5.8. The connected materials confirm the root cause as heap overflows in read_at...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.04158
Exploits: 0 | References: 12 | Affected Software: 1

Cvelist
added 2017/03/24 3:0 p.m., 24 views

CVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate...

AI score: 7.9 | EPSS: 0.03948
Exploits: 0 | References: 11

Cvelist
added 2017/03/24 3:0 p.m., 24 views

CVE-2017-5335

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate...

AI score: 7.2 | EPSS: 0.02779
Exploits: 0 | References: 11

Debian CVE
added 2017/03/24 3:0 p.m., 27 views

CVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.05592
Exploits: 0

Debian CVE
added 2017/03/24 3:0 p.m., 30 views

CVE-2017-5335

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.02779
Exploits: 0

CVE
added 2017/03/24 3:0 p.m., 156 views

CVE-2017-5336

CVE-2017-5336: GnuTLS contains a stack-based buffer overflow in the cdk_pk_get_keyid function (lib/opencdk/pubkey.c), exploitable via crafted OpenPGP certificates. Affected versions are GnuTLS before 3.3.26 and 3.5.x before 3.5.8. Remediation: upgrade to a fixed release (upstream 3.3.26 or later...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.03948
Exploits: 0 | References: 11 | Affected Software: 1

CVE
added 2017/03/24 3:0 p.m., 121 views

CVE-2017-5334

CVE-2017-5334: Double-free vulnerability in GnuTLS in gnutls_x509_ext_import_proxy triggered by X.509 certificates with a Proxy Certificate Information extension. Affected upstream: GnuTLS < 3.3.26 and

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.05592
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2017/03/24 3:0 p.m., 22 views

CVE-2017-5337

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate...

AI score: 7.8 | EPSS: 0.04158
Exploits: 0 | References: 12

Cvelist
added 2017/03/24 3:0 p.m., 20 views

CVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

AI score: 8.7 | EPSS: 0.05592
Exploits: 0 | References: 9

Tenable Nessus
added 2017/03/22 12:0 a.m., 86 views

RHEL 6 : gnutls (RHSA-2017:0574)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0574 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.71356
Exploits: 1 | References: 25

OpenVAS
added 2017/03/22 12:0 a.m., 36 views

RedHat Update for gnutls RHSA-2017:0574-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.71356
Exploits: 1 | References: 2

RedHat Linux
added 2017/03/21 8:23 a.m., 2 views

gnutls: Heap read overflow in read-packet.c

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.04158
Exploits: 0 | References: 4

RedHat Linux
added 2017/03/21 8:23 a.m., 2 views

gnutls: Out of memory while parsing crafted OpenPGP certificate

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02779
Exploits: 0 | References: 4

RedHat Linux
added 2017/03/21 8:23 a.m., 57 views

Moderate: Red Hat Security Advisory: gnutls security, bug fix, and enhancement update

An update for gnutls is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.71356
Exploits: 1 | References: 19

Tenable Nessus
added 2017/03/21 12:0 a.m., 37 views

Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-3183-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3183-2 advisory. USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.71356
Exploits: 1 | References: 2

Ubuntu
added 2017/03/20 4:39 p.m., 90 views

USN-3183-2: GnuTLS vulnerability

USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remo...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.71356
Exploits: 1

Cloud Foundry
added 2017/03/14 12:0 a.m., 68 views

USN-3183-1: GnuTLS Vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04 LTS. Description: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.71356
Exploits: 1

ossfuzz
added 2017/03/11 3:26 p.m., 13 views

gnutls: Heap-buffer-overflow in _cdk_buftou32

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6394161118838784 Project: gnutls Fuzzer: libFuzzergnutlsopenpgpcertparserfuzzer Fuzz target binary: gnutlsopenpgpcertparserfuzzer Job Type: libfuzzerasangnutls Platform Id: linux Crash Type:...

AI score: 7
Exploits: 0 | Affected Software: 1

ossfuzz
added 2017/03/07 12:0 a.m., 12 views

gnutls: Heap-buffer-overflow in _cdk_buftou32

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5630059660443648 Project: gnutls Fuzzer: libFuzzergnutlsopenpgpcertparserfuzzer Fuzz target binary: gnutlsopenpgpcertparserfuzzer Job Type: libfuzzerasangnutls Platform Id: linux Crash Type:...

AI score: 7
Exploits: 0 | Affected Software: 1

Mageia
added 2017/02/20 1:0 p.m., 77 views

Updated gnutls packages fix security vulnerability

Remote denial of service in SSL alert handling (CVE-2016-8610). In gnutls_x509_ext_import_proxy: if the language was set but the policy wasn't, that could lead to a double free (CVE-2017-5334). Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (CVE-2017-5335,...

CVSS: 9.8 | AI score: 2.3 | EPSS: 0.71356
Exploits: 1 | References: 4