
CVE-2017-5337

Published: 11 January 2017

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
artful Does not exist
bionic Does not exist
cosmic Does not exist
disco Does not exist
precise Released (2.12.14-5ubuntu3.13)
trusty Released (2.12.23-12ubuntu2.6)
upstream Needs triage
xenial Does not exist
yakkety Does not exist
zesty Does not exist

gnutls28
Launchpad, Ubuntu, Debian
artful Released (3.5.6-4ubuntu3)
bionic Released (3.5.6-4ubuntu3)
cosmic Released (3.5.6-4ubuntu3)
disco Released (3.5.6-4ubuntu3)
precise Does not exist (precise was needed)
trusty Does not exist (trusty was needed)
upstream Needs triage
xenial Released (3.4.10-4ubuntu1.2)
yakkety Released (3.5.3-5ubuntu1.1)
zesty Released (3.5.6-4ubuntu3)

Notes

Author Note
mdeslaur reproducer https://gitlab.com/gnutls/gnutls/commit/d949c6266ce64f5c2419f8c7cf4a196122fff9d7
https://gitlab.com/gnutls/gnutls/commit/e08b66b7cb4bc3f7ad56d081f0357ec1d39aa4ec

References

Bugs