CVE-2015-6251

MEDIUM

Description

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html

http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html

http://www.debian.org/security/2015/dsa-3334

http://www.gnutls.org/security.html#GNUTLS-SA-2015-3

http://www.openwall.com/lists/oss-security/2015/08/10/1

http://www.openwall.com/lists/oss-security/2015/08/17/6

http://www.securityfocus.com/bid/76267

http://www.securitytracker.com/id/1033226

https://bugzilla.redhat.com/show_bug.cgi?id=1251902

https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12

Details

Source: MITRE

Published: 2015-08-24

Updated: 2016-12-24

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.3.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gnutls:3.4.3:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
93411Slackware 14.0 / 14.1 / 14.2 / current : gnutls (SSA:2016-254-01)NessusSlackware Local Security Checks
medium
85901SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2015:1518-1)NessusSuSE Local Security Checks
medium
85836openSUSE Security Update : gnutls (openSUSE-2015-567)NessusSuSE Local Security Checks
medium
85735Ubuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1)NessusUbuntu Local Security Checks
high
85709Fedora 23 : gnutls-3.4.4-1.fc23 (2015-13287)NessusFedora Local Security Checks
medium
85583Slackware 14.0 / 14.1 / current : gnutls (SSA:2015-233-01)NessusSlackware Local Security Checks
medium
85429FreeBSD : gnutls -- double free in certificate DN decoding (ec6a2a1e-429d-11e5-9daa-14dae9d210b8)NessusFreeBSD Local Security Checks
medium
85357Debian DSA-3334-1 : gnutls28 - security updateNessusDebian Local Security Checks
medium