Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html
http://www.debian.org/security/2015/dsa-3334
http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
http://www.openwall.com/lists/oss-security/2015/08/10/1
http://www.openwall.com/lists/oss-security/2015/08/17/6
http://www.securityfocus.com/bid/76267
http://www.securitytracker.com/id/1033226
https://bugzilla.redhat.com/show_bug.cgi?id=1251902
https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
Source: MITRE
Published: 2015-08-24
Updated: 2016-12-24
Type: NVD-CWE-Other
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
OR
cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.3.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.4.1:*:*:*:*:*:*:*
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
93411 | Slackware 14.0 / 14.1 / 14.2 / current : gnutls (SSA:2016-254-01) | Nessus | Slackware Local Security Checks | medium |
85901 | SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2015:1518-1) | Nessus | SuSE Local Security Checks | medium |
85836 | openSUSE Security Update : gnutls (openSUSE-2015-567) | Nessus | SuSE Local Security Checks | medium |
85735 | Ubuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1) | Nessus | Ubuntu Local Security Checks | high |
85709 | Fedora 23 : gnutls-3.4.4-1.fc23 (2015-13287) | Nessus | Fedora Local Security Checks | medium |
85583 | Slackware 14.0 / 14.1 / current : gnutls (SSA:2015-233-01) | Nessus | Slackware Local Security Checks | medium |
85429 | FreeBSD : gnutls -- double free in certificate DN decoding (ec6a2a1e-429d-11e5-9daa-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
85357 | Debian DSA-3334-1 : gnutls28 - security update | Nessus | Debian Local Security Checks | medium |