Metric | Value |
---|---|
CVSS2 score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
EPSS | 0.12 Low |
EPSS Percentile | 95.3% |

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly
handle invalid DSA signatures, which allows remote attackers to cause a
denial of service (application crash) and possibly have unspecified other
impact via a malformed DSA key that triggers a (1) free of an uninitialized
pointer or (2) double free.
Author | Note |
---|---|
jdstrand | from advisory: Only GnuTLS 2.6.x is affected. GnuTLS 2.4.x and earlier did not contain the buggy code. |