Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-7444

Опубликовано: 27 сент. 2016
Источник: debian
EPSS Низкий

Описание

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gnutls28fixed3.5.3-4package
gnutls28fixed3.3.8-6+deb8u4jessiepackage

Примечания

  • https://gnutls.org/security.html#GNUTLS-SA-2016-3

  • http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html

  • Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

  • https://bugzilla.redhat.com/show_bug.cgi?id=1374266

  • https://www.openwall.com/lists/oss-security/2016/09/18/3

EPSS

Процентиль: 77%
0.01021
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-7444

CVSS3: 7.5
ubuntu
больше 9 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

redhat логотип

CVE-2016-7444

CVSS3: 5.3
redhat
больше 9 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

nvd логотип

CVE-2016-7444

CVSS3: 7.5
nvd
больше 9 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

github логотип

GHSA-3ccg-r3xv-q4cg

CVSS3: 7.5
github
больше 3 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

suse-cvrf логотип

openSUSE-SU-2017:0386-1

suse-cvrf
около 9 лет назад

Security update for gnutls

EPSS

Процентиль: 77%
0.01021
Низкий