Date: Wed, 15 Apr 2015 15:47:36 +0200 From: Robert Święcki <robert@...ecki.net> To: oss-security@...ts.openwall.com Subject: double-free in gnutls (CRL distribution points parsing) gnutls 3.3.14 fixes a double-free in parsing CRL distribution points. It will affect applications which parse CRL distribution points or print contents of certificates with gnutls-provided functions (e.g. gnutls_x509_crt_print()) Usually a DoS under modern mem allocators, but creating something more interesting using double-free exploitation techniques is not out of the question changelists: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9 https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02 -- Robert Święcki
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ