CVE-2016-7444

Published: 27 September 2016

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
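The class of defect described above, as an added illustration that is not GnuTLS's own code and does not reproduce the exact logic of the upstream fix: a serial-number matcher that trusts only the certificate's length beside one that requires both lengths to agree. Function names and the sample serials are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative flawed matcher (constructed, not GnuTLS code): it compares
 * cert_len bytes and never consults resp_len, so stale bytes sitting after the
 * real serial in an over-allocated response buffer, or a longer serial that
 * merely shares a prefix, still "match". */
int serial_matches_flawed(const unsigned char *cert, size_t cert_len,
                          const unsigned char *resp, size_t resp_len)
{
    (void)resp_len; /* the response's own length is ignored: the defect */
    return memcmp(cert, resp, cert_len) == 0;
}

/* Hardened matcher: both lengths must agree before any byte comparison, and
 * no more than resp_len bytes of the response buffer are ever read. */
int serial_matches_checked(const unsigned char *cert, size_t cert_len,
                           const unsigned char *resp, size_t resp_len)
{
    if (cert == NULL || resp == NULL || cert_len == 0)
        return 0;
    if (cert_len != resp_len)
        return 0;
    return memcmp(cert, resp, cert_len) == 0;
}

/* Constructed inputs. The certificate's serial is the two bytes 01 02. */
const unsigned char CERT_SERIAL[] = {0x01, 0x02};
/* A response whose parsed serial is a single byte (01) but whose buffer was
 * allocated larger and still holds 02 right after it. */
const unsigned char RESP_STALE_BUF[] = {0x01, 0x02, 0x00, 0x00};
const size_t RESP_STALE_LEN = 1;
/* A response for a different certificate: a longer serial sharing the prefix. */
const unsigned char RESP_LONG[] = {0x01, 0x02, 0x03};

int main(void)
{
    printf("stale buffer: flawed=%d checked=%d\n",
           serial_matches_flawed(CERT_SERIAL, 2, RESP_STALE_BUF, RESP_STALE_LEN),
           serial_matches_checked(CERT_SERIAL, 2, RESP_STALE_BUF, RESP_STALE_LEN));
    printf("longer serial: flawed=%d checked=%d\n",
           serial_matches_flawed(CERT_SERIAL, 2, RESP_LONG, 3),
           serial_matches_checked(CERT_SERIAL, 2, RESP_LONG, 3));
    return 0;
}
```

The flawed matcher reports a match in both constructed cases; the checked one rejects both and accepts only an identical serial.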

Priority

Low

CVSS 3 base score: 7.5

Status

Package   Release                           Status
gnutls26  (Launchpad, Ubuntu, Debian)
          Upstream                          Not vulnerable
          Ubuntu 18.04 LTS (Bionic Beaver)  Does not exist
          Ubuntu 16.04 ESM (Xenial Xerus)   Does not exist
          Ubuntu 14.04 ESM (Trusty Tahr)    Not vulnerable
gnutls28  (Launchpad, Ubuntu, Debian)
          Upstream                          Released (3.5.3-4)
          Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (3.5.3-4ubuntu1)
          Ubuntu 16.04 ESM (Xenial Xerus)   Released (3.4.10-4ubuntu1.2)
          Ubuntu 14.04 ESM (Trusty Tahr)    Does not exist (trusty was needed)
Patches:
Upstream: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
Upstream: https://gitlab.com/gnutls/gnutls/commit/c089e019ef83a77b2fdca24d0875ef25f6b38f1a (3.3)