Gnutls · Gnutls · CVE-2024-28835
**Name of the Vulnerable Software and Affected Versions**
GnuTLS versions prior to 3.8.3
**Description**
A flaw in the GnuTLS library stems from improper handling of exceptional states when processing the `cert_list_size` parameter in the `gnutls_x509_trust_list_verify_crt2()` function. An attacker can exploit this issue to cause a denial of service by passing a specially crafted certificate chain in PEM encoding to `certtool`. The vulnerability can also be triggered when verifying a specially crafted .pem bundle using the `certtool --verify-chain` command, potentially leading to an application crash. Remote attacks are possible, but no exploit has been reported yet.
**Recommendations**
For GnuTLS versions prior to 3.8.3, update GnuTLS immediately to prevent potential remote attacks. As a temporary workaround, consider restricting use of the `certtool --verify-chain` command until the patch is applied. Avoid running `certtool` against untrusted .pem bundles to minimize the risk of exploitation.
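A small inventory check a defender can run on each host to decide whether the update above is still outstanding. This is an added example written for this page, not code from the advisory or from the GnuTLS project; it assumes a `sort` that understands `-V` (GNU coreutils or BSD sort) and, for the installed-version lookup, that either `pkg-config` knows the `gnutls` module or that the first line of `gnutls-cli --version` contains the version number.

```shell
#!/bin/sh
# Added example (not from the advisory): flag a GnuTLS version as affected
# when it is prior to the fixed release 3.8.3 named in the advisory.
FIXED_VERSION="3.8.3"

# version_lt A B: true (exit 0) when version A sorts strictly before version B.
# Uses `sort -V` so that 3.7.10 compares below 3.8.3 (plain string order
# would get that wrong). Assumes a sort that supports -V.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# gnutls_affected VERSION: true when VERSION is prior to 3.8.3.
gnutls_affected() {
  version_lt "$1" "$FIXED_VERSION"
}

# installed_gnutls_version: print the locally installed GnuTLS version, or
# nothing if it cannot be determined. Assumption: pkg-config exposes a
# module named gnutls, or gnutls-cli prints "gnutls-cli X.Y.Z" on line 1.
installed_gnutls_version() {
  if command -v pkg-config >/dev/null 2>&1; then
    if v=$(pkg-config --modversion gnutls 2>/dev/null) && [ -n "$v" ]; then
      printf '%s\n' "$v"
      return 0
    fi
  fi
  if command -v gnutls-cli >/dev/null 2>&1; then
    gnutls-cli --version 2>/dev/null | head -n 1 |
      sed -n 's/.*[^0-9.]\([0-9][0-9.]*[0-9]\).*/\1/p'
    return 0
  fi
  return 1
}

# report_host: one-line verdict for the local machine; says so if the
# version could not be found rather than guessing.
report_host() {
  v=$(installed_gnutls_version 2>/dev/null || true)
  if [ -z "$v" ]; then
    echo "GnuTLS: version not found; check the package manager manually"
    return 2
  fi
  if gnutls_affected "$v"; then
    echo "GnuTLS $v: AFFECTED (prior to $FIXED_VERSION), update required"
    return 1
  fi
  echo "GnuTLS $v: not affected by version (>= $FIXED_VERSION)"
  return 0
}

# Run the local check only when executed directly, not when sourced.
case "$0" in
  *gnutls_check*|*sh) report_host ;;
esac
```

Save it as `gnutls_check.sh` and run it on each host, or source it and call `gnutls_affected "$version"` from a larger inventory script; the exit code (1 = affected, 2 = unknown) makes it easy to feed into a fleet report. Note that distributions often backport fixes without bumping the upstream version, so a version below 3.8.3 on a vendor-patched system should be confirmed against the vendor's own advisory before being declared vulnerable.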