Vulnerability in Gnu Gnutls
CVE-2015-3308
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
EPSS: 0.014 (80.7th percentile) — read the EPSS interpretation.
Affected products
- Gnu Gnutls
- Canonical Ubuntu_linux — versions 15.04
- N/a — versions n/a
References
- FEDORA-2015-5131 (x_refsource_FEDORA, vendor-advisory)
- [oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing) (mailing-list, x_refsource_MLIST)
- USN-2727-1 (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- 74188 (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM)
- [oss-security] 20150415 double-free in gnutls (CRL distribution points parsing) (mailing-list, x_refsource_MLIST)
- GLSA-201506-03 (vendor-advisory, x_refsource_GENTOO)
- 1033774 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM)