Описание
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.8.9-3ubuntu1 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| fips-preview/jammy | needs-triage | |
| fips-updates/jammy | released | 3.7.3-4ubuntu1.7+Fips1 |
| jammy | released | 3.7.3-4ubuntu1.7 |
| noble | released | 3.8.3-1.1ubuntu3.4 |
| oracular | ignored | end of life, was needs-triage |
| plucky | released | 3.8.9-2ubuntu3.1 |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softw ...
EPSS
6.5 Medium
CVSS3