Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Published

2016-09-27T15:59:12.517

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	gnutls	≤ 3.4.14	Yes
Application	gnu	gnutls	3.5.0	Yes
Application	gnu	gnutls	3.5.1	Yes
Application	gnu	gnutls	3.5.2	Yes
Application	gnu	gnutls	3.5.3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html ([email protected])
http://www.securityfocus.com/bid/92893 ([email protected])
https://access.redhat.com/errata/RHSA-2017:2292 ([email protected])
https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9 Patch ([email protected])
https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html Mailing List, Third Party Advisory ([email protected])
https://www.gnutls.org/security.html Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92893 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2292 (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.gnutls.org/security.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)