Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-0731

Published: 26 March 2010

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

Priority

Medium

Status

Package Release Status
gnutls11
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

gnutls12
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(1.2.9-2ubuntu1.7)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream
Released (1.2.1)
gnutls13
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable
(2.0.4-1ubuntu2.6)
intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Not vulnerable

gnutls26
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Not vulnerable
(2.4.1-1ubuntu0.4)
jaunty Not vulnerable
(2.4.2-6ubuntu0.1)
karmic Not vulnerable
(2.8.3-2)
upstream Not vulnerable