Vulnerability in Gnu Gnutls

CVE-2015-6251

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

EPSS: 0.067 (91.4th percentile) — read the EPSS interpretation.

Affected products

Gnu Gnutls — versions 3.3.0, 3.3.1, 3.3.2
Debian Debian_linux — versions 8.0
N/a — versions n/a

References

secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2015:1499 (vendor-advisory, x_refsource_SUSE)
1033226 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding (mailing-list, x_refsource_MLIST)
76267 (vdb-entry, x_refsource_BID)
FEDORA-2015-13287 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding (mailing-list, x_refsource_MLIST)
DSA-3334 (vendor-advisory, x_refsource_DEBIAN)