Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-0731

Опубликовано: 26 мар. 2010
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
Версия до 1.2.0 (включая)
cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.01631
Низкий

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2010-0731

ubuntu
больше 15 лет назад

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

redhat логотип

CVE-2010-0731

redhat
больше 15 лет назад

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

debian логотип

CVE-2010-0731

debian
больше 15 лет назад

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1 ...

github логотип

GHSA-g8xp-5hv7-77f4

github
больше 3 лет назад

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

fstec логотип

BDU:2015-06204

fstec
больше 15 лет назад

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 81%
0.01631
Низкий

7.5 High

CVSS2

Дефекты

CWE-119