oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: double-free in gnutls (CRL distribution points parsing)

From: cve-assign () mitre org
Date: Thu, 16 Apr 2015 02:41:35 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


gnutls 3.3.14 fixes a double-free in parsing CRL distribution points.

It will affect applications which parse CRL distribution points or
print contents of certificates with gnutls-provided functions (e.g.
gnutls_x509_crt_print())

Usually a DoS under modern mem allocators, but creating something more
interesting using double-free exploitation techniques is not out of
the question

https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02


Use CVE-2015-3308.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVL1kCAAoJEKllVAevmvmswcUH/i6RzwB5lEC9WJmOCWMDJiPu
D0gnjKKlvgZs4P+/WzaW/gfvhs3gojdOFJKQ1hxb9wo4tB3Lo1TExtoWKkBlBzH5
utp7/P2xqRhLMoOCW8QGbfCAF2oaP2AshnitNkru9XPb9I8sWgNRRevTzURnGJQE
Vac7pmThHnOtxJ9sy9k3F3wiFSn/d2SoLZkEo8hQMBtxgr/9dQpEPJobOOlrRuNE
PxabnOMgAnGBmT2qzQXwARdeswkJ/jL6BGsicWuLDMmGD2I/L+fqtP1jr84uUgFM
5ACjRX0Hg4+elY9GYpw3EhKJaj19XIUW4HA867EtJyJpwLbiGIYPGwu0em8d/X4=
=9Vb/
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: