Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Apr 2015 15:47:36 +0200
From: Robert Święcki <>
Subject: double-free in gnutls (CRL distribution points parsing)

gnutls 3.3.14 fixes a double-free in parsing CRL distribution points.

It will affect applications which parse CRL distribution points or
print contents of certificates with gnutls-provided functions (e.g.

Usually a DoS under modern mem allocators, but creating something more
interesting using double-free exploitation techniques is not out of
the question


Robert Święcki

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ