CVE-2015-3308
Published: 21 April 2015
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
Notes
Author | Note |
---|---|
sbeattie | introduced in 3.3.0 |
Priority
Status
Package | Release | Status |
---|---|---|
gnutls26 Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
lucid |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
utopic |
Not vulnerable
|
|
vivid |
Does not exist
|
|
gnutls28 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.3.8-7,3.3.14)
|
lucid |
Does not exist
|
|
precise |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
utopic |
Not vulnerable
|
|
vivid |
Released
(3.3.8-3ubuntu3.1)
|
|
Patches: upstream: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9 upstream: https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02 |