CVE-2016-7444

high

Description

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

References

https://www.gnutls.org/security.html

https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html

https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

https://access.redhat.com/errata/RHSA-2017:2292

http://www.securityfocus.com/bid/92893

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

Details

Source: Mitre, NVD

Published: 2016-09-27

Updated: 2018-01-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High