
CVE-2022-2509

Published: 1 August 2022

A vulnerability was found in gnutls. The flaw is a double free error that occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.

Notes

Author: mdeslaur
Note: per upstream, affects 3.6.0 to 3.7.6, but code in bionic looks similar
Priority

Medium

CVSS 3 base score: 7.5

Status

Package: gnutls28 (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (3.5.18-1ubuntu1.6)
focal: Released (3.6.13-2ubuntu1.7)
jammy: Released (3.7.3-4ubuntu1.1)
kinetic: Pending (3.7.7-2ubuntu1)
trusty: Ignored (out of standard support)
upstream: Released (3.7.7-1)
xenial: Not vulnerable (code not present)

Patches:
upstream: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2