PT-2016-7335 · Gnu+5 · Gnutls+5

Stefan Bã¼Hler

Published

2016-09-09

Updated

2018-01-05

CVE-2016-7444

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.4.15 GnuTLS versions 3.5.x prior to 3.5.4

Description The issue concerns the gnutls ocsp resp check crt function, which does not verify the serial length of an OCSP response. This could potentially allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls malloc.

Recommendations For GnuTLS versions prior to 3.4.15, update to version 3.4.15 or later. For GnuTLS versions 3.5.x prior to 3.5.4, update to version 3.5.4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2016-1957

CESA-2017_2292

CVE-2016-7444

MGASA-2016-0326

OPENSUSE-SU-2017_0386-1

RHSA-2017:2292

RHSA-2017_2292

SUSE-SU-2017:0348-1

USN-3183-1

Affected Products

Alt Linux

Centos

Gnutls

Red Hat

Suse

Ubuntu

PT-2016-7335 · Gnu+5 · Gnutls+5

CVE-2016-7444

Weakness Enumeration

Related Identifiers

Affected Products

References · 72