Your submission was sent successfully! Close

CVE-2017-7507

Published: 9 June 2017

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gnutls28
Launchpad, Ubuntu, Debian
artful
Released (3.5.8-6ubuntu1)
bionic
Released (3.5.8-6ubuntu1)
cosmic
Released (3.5.8-6ubuntu1)
disco
Released (3.5.8-6ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (3.5.13,3.5.8-6)
xenial
Released (3.4.10-4ubuntu1.3)
yakkety
Released (3.5.3-5ubuntu1.2)
zesty
Released (3.5.6-4ubuntu4.1)
Patches:
upstream: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
upstream: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
upstream: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
upstream: https://gitlab.com/gnutls/gnutls/commit/9d95c912b5843e664c8210887a6719f02a9028be (3.3)
upstream: https://gitlab.com/gnutls/gnutls/commit/023a20d21b762918d3e1ab25a207ecf874ba21a9 (3.3)
upstream: https://gitlab.com/gnutls/gnutls/commit/3ade67eb6859a5a074f981480e5663ea92a59380 (3.3)