CVE-2016-7444
Published: 27 September 2016
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
Priority
Low
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
gnutls26 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
|
gnutls28 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.5.3-4)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.5.3-4ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(3.4.10-4ubuntu1.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needed)
|
|
|
Patches: Upstream: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9 Upstream: https://gitlab.com/gnutls/gnutls/commit/c089e019ef83a77b2fdca24d0875ef25f6b38f1a (3.3) |
||
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7444
- https://gnutls.org/security.html#GNUTLS-SA-2016-3
- http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
- http://www.openwall.com/lists/oss-security/2016/09/18/3
- https://usn.ubuntu.com/usn/usn-3183-1
- NVD
- Launchpad
- Debian