Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-7444

Опубликовано: 27 сент. 2016
Источник: debian

Описание

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gnutls28fixed3.5.3-4package
gnutls28fixed3.3.8-6+deb8u4jessiepackage

Примечания

  • https://gnutls.org/security.html#GNUTLS-SA-2016-3

  • http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html

  • Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

  • https://bugzilla.redhat.com/show_bug.cgi?id=1374266

  • https://www.openwall.com/lists/oss-security/2016/09/18/3

Связанные уязвимости

ubuntu логотип

CVE-2016-7444

CVSS3: 7.5
ubuntu
почти 9 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

redhat логотип

CVE-2016-7444

CVSS3: 5.3
redhat
почти 9 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

nvd логотип

CVE-2016-7444

CVSS3: 7.5
nvd
почти 9 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

github логотип

GHSA-3ccg-r3xv-q4cg

CVSS3: 7.5
github
около 3 лет назад

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

suse-cvrf логотип

openSUSE-SU-2017:0386-1

suse-cvrf
больше 8 лет назад

Security update for gnutls