Your submission was sent successfully! Close

CVE-2017-5335

Published: 11 January 2017

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (2.12.14-5ubuntu3.13)
trusty
Released (2.12.23-12ubuntu2.6)
upstream Needs triage

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gnutls28
Launchpad, Ubuntu, Debian
artful
Released (3.5.6-4ubuntu3)
bionic
Released (3.5.6-4ubuntu3)
cosmic
Released (3.5.6-4ubuntu3)
disco
Released (3.5.6-4ubuntu3)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was needed)
upstream
Released (3.5.8-1)
xenial
Released (3.4.10-4ubuntu1.2)
yakkety
Released (3.5.3-5ubuntu1.1)
zesty
Released (3.5.6-4ubuntu3)