CVE-2016-7444

moderate-risk

Published 2016-09-27

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Do I need to act?

1.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (5)

Gnutls

Affected Vendors

Gnu

References (12)

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

http://www.securityfocus.com/bid/92893

https://access.redhat.com/errata/RHSA-2017:2292

Patch https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

Mailing List https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html

Vendor Advisory https://www.gnutls.org/security.html

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

http://www.securityfocus.com/bid/92893

https://access.redhat.com/errata/RHSA-2017:2292

Patch https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

Mailing List https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html

Vendor Advisory https://www.gnutls.org/security.html

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 3/34 · Minimal

Exposure 12/34 · Low