CVE-2016-7444
Description
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 1.021
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| GNU TLS library (USN-2913-4) libgnutls26_2.12.14-5ubuntu3.13_i386.deb | Linux |
| GNU TLS library (USN-2913-4) libgnutls26_2.12.14-5ubuntu3.13_amd64.deb | Linux |
| GNU TLS library (USN-2913-4) libgnutls26_2.12.23-12ubuntu2.6_i386.deb | Linux |
| GNU TLS library (USN-2913-4) libgnutls26_2.12.23-12ubuntu2.6_amd64.deb | Linux |
| GNU TLS library (USN-3183-1) libgnutls30_3.5.3-5ubuntu1.1_i386.deb | Linux |
| GNU TLS library (USN-3183-1) libgnutls30_3.5.3-5ubuntu1.1_amd64.deb | Linux |
| GNU TLS library (USN-3183-1) libgnutls30_3.4.10-4ubuntu1.2_i386.deb | Linux |
| GNU TLS library (USN-3183-1) libgnutls30_3.4.10-4ubuntu1.2_amd64.deb | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) gnutls-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) gnutls-debuginfo-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) gnutls-debugsource-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Server 12-SP1) libgnutls-openssl27-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Server 12-SP1) libgnutls-openssl27-debuginfo-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) libgnutls28-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) libgnutls28-32bit-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) libgnutls28-debuginfo-3.2.15-16.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0348-1 (SUSE Linux Enterprise Desktop 12-SP1) libgnutls28-debuginfo-32bit-3.2.15-16.1.x86_64.rpm | Linux |
| CVE-2016-7444 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234