CVE-2017-5335

Published: Mar 24, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

Affected (11)

Products: Opensuse: Leap · Gnu: Gnutls

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Leap	Version 42.2

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Gnu Gnutls	Up to 3.3.25
Gnu Gnutls	Version 3.5.0
Gnu Gnutls	Version 3.5.1
Gnu Gnutls	Version 3.5.2
Gnu Gnutls	Version 3.5.3
Gnu Gnutls	Version 3.5.4
Gnu Gnutls	Version 3.5.5
Gnu Gnutls	Version 3.5.6
Gnu Gnutls	Version 3.5.7

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

Source: security@debian.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0574.html

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2017/01/10/7

Source: security@debian.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/01/11/4

Source: security@debian.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95374

Source: security@debian.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037576

Source: security@debian.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2292

Source: security@debian.org

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337

Source: security@debian.org

Issue TrackingPatchThird Party Advisory

https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a

Source: security@debian.org

Issue TrackingPatchThird Party Advisory

https://gnutls.org/security.html#GNUTLS-SA-2017-2

Source: security@debian.org

Vendor Advisory

https://security.gentoo.org/glsa/201702-04

Source: security@debian.org

PatchThird Party AdvisoryVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0574.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2017/01/10/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/01/11/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95374

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037576

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2292

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://gnutls.org/security.html#GNUTLS-SA-2017-2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/201702-04

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVendor Advisory

Timeline

No history available yet.