CVE-2017-5336

Published: Mar 24, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Affected (11)

Products: Opensuse: Leap · Gnu: Gnutls

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Leap	Version 42.2

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Gnu Gnutls	Up to 3.3.25
Gnu Gnutls	Version 3.5.0
Gnu Gnutls	Version 3.5.1
Gnu Gnutls	Version 3.5.2
Gnu Gnutls	Version 3.5.3
Gnu Gnutls	Version 3.5.4
Gnu Gnutls	Version 3.5.5
Gnu Gnutls	Version 3.5.6
Gnu Gnutls	Version 3.5.7

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

Source: security@debian.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0574.html

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2017/01/10/7

Source: security@debian.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/01/11/4

Source: security@debian.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95377

Source: security@debian.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037576

Source: security@debian.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2292

Source: security@debian.org

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340

Source: security@debian.org

Issue TrackingPatchThird Party Advisory

https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732

Source: security@debian.org

Issue TrackingPatchThird Party Advisory

https://gnutls.org/security.html#GNUTLS-SA-2017-2

Source: security@debian.org

Vendor Advisory

https://security.gentoo.org/glsa/201702-04

Source: security@debian.org

PatchThird Party AdvisoryVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0574.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2017/01/10/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/01/11/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95377

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037576

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2292

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://gnutls.org/security.html#GNUTLS-SA-2017-2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/201702-04

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVendor Advisory

Timeline

No history available yet.