PT-2017-17963 · Gnu+5 · Gnutls+5

Published: 2017-03-07 · Updated: 2024-06-15 · CVE-2017-7869

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GnuTLS versions prior to 3.5.10

Description

The issue is caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This is a subset of the vendor's report and has been fixed.

Recommendations

For versions prior to 3.5.10, update to version 3.5.10 to resolve the issue. As a temporary workaround, consider restricting access to the cdk_pkt_read function until the update is applied.

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

ALT-PU-2017-1250
CESA-2017_2292
CVE-2017-7869
MGASA-2017-0212
OPENSUSE-SU-2024:10801-1
RHSA-2017:2292
RHSA-2017_2292
SUSE-SU-2017:1838-1
SUSE-SU-2017:1886-1
USN-3318-1

Affected Products

Alt Linux
Centos
Gnutls
Red Hat
Suse
Ubuntu