Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 16 Apr 2015 02:41:35 -0400 (EDT)
From: cve-assign@...re.org
To: robert@...ecki.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: double-free in gnutls (CRL distribution points parsing)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> gnutls 3.3.14 fixes a double-free in parsing CRL distribution points.
> 
> It will affect applications which parse CRL distribution points or
> print contents of certificates with gnutls-provided functions (e.g.
> gnutls_x509_crt_print())
> 
> Usually a DoS under modern mem allocators, but creating something more
> interesting using double-free exploitation techniques is not out of
> the question
> 
> https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
> https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02

Use CVE-2015-3308.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVL1kCAAoJEKllVAevmvmswcUH/i6RzwB5lEC9WJmOCWMDJiPu
D0gnjKKlvgZs4P+/WzaW/gfvhs3gojdOFJKQ1hxb9wo4tB3Lo1TExtoWKkBlBzH5
utp7/P2xqRhLMoOCW8QGbfCAF2oaP2AshnitNkru9XPb9I8sWgNRRevTzURnGJQE
Vac7pmThHnOtxJ9sy9k3F3wiFSn/d2SoLZkEo8hQMBtxgr/9dQpEPJobOOlrRuNE
PxabnOMgAnGBmT2qzQXwARdeswkJ/jL6BGsicWuLDMmGD2I/L+fqtP1jr84uUgFM
5ACjRX0Hg4+elY9GYpw3EhKJaj19XIUW4HA867EtJyJpwLbiGIYPGwu0em8d/X4=
=9Vb/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ