CVE-2015-3308

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.3.14

Description The issue is related to a double free vulnerability in the lib/x509/x509 ext.c component of GnuTLS. This vulnerability can be exploited by remote attackers using a crafted CRL distribution point, potentially leading to a denial of service or other unspecified impacts.

Recommendations For versions prior to 3.3.14, update to version 3.3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the lib/x509/x509 ext.c component until a patch is available. Avoid using the vulnerable component with crafted CRL distribution points to minimize the risk of exploitation.