Date: Wed, 15 Apr 2015 15:47:36 +0200 From: Robert Święcki <robert@...ecki.net> To: oss-security@...ts.openwall.com Subject: double-free in gnutls (CRL distribution points parsing) gnutls 3.3.14 fixes a double-free in parsing CRL distribution points. It will affect applications which parse CRL distribution points or print contents of certificates with gnutls-provided functions (e.g. gnutls_x509_crt_print()) Usually a DoS under modern mem allocators, but creating something more interesting using double-free exploitation techniques is not out of the question changelists: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9 https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02 -- Robert Święcki
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.