Vulnerability Description
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gnutls | <= 3.4.14 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
- http://www.securityfocus.com/bid/92893
- https://access.redhat.com/errata/RHSA-2017:2292
- https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9Patch
- https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.htmlMailing ListThird Party Advisory
- https://www.gnutls.org/security.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
- http://www.securityfocus.com/bid/92893
- https://access.redhat.com/errata/RHSA-2017:2292
- https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9Patch
- https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.htmlMailing ListThird Party Advisory
- https://www.gnutls.org/security.htmlVendor Advisory
FAQ
What is CVE-2016-7444?
CVE-2016-7444 is a vulnerability with a CVSS score of 7.5 (HIGH). The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to b...
How severe is CVE-2016-7444?
CVE-2016-7444 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7444?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls.