The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to 1.2.0 (inclusive)
|68021||Oracle Linux 4 : gnutls (ELSA-2010-0167)||Nessus||Oracle Linux Local Security Checks|
|60752||Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64||Nessus||Scientific Linux Local Security Checks|
|46278||RHEL 4 : gnutls (RHSA-2010:0167)||Nessus||Red Hat Local Security Checks|
|45366||CentOS 4 : gnutls (CESA-2010:0167)||Nessus||CentOS Local Security Checks|