Описание
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Отчет
This vulnerability is rated as a moderate severity vulnerability because a heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software within the certtool utility's template parsing logic, this issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.
Меры по смягчению последствий
Currently, no mitigation is available for this vulnerability.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | gnutls | Affected | ||
Red Hat Enterprise Linux 6 | gnutls | Out of support scope | ||
Red Hat Enterprise Linux 7 | gnutls | Out of support scope | ||
Red Hat Enterprise Linux 8 | gnutls | Fix deferred | ||
Red Hat Enterprise Linux 9 | gnutls | Affected | ||
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softw ...
6.5 Medium
CVSS3