ID CVE-2015-3308
Summary Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
References
Vulnerable Configurations
  • GNU GnuTLS 3.3.13
    cpe:2.3:a:gnu:gnutls:3.3.13
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
CVSS
Base: 7.5 (as of 02-09-2015 - 12:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-5131.NASL
    description new upstream release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 82949
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82949
    title Fedora 22 : gnutls-3.3.14-1.fc22 (2015-5131)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2727-1.NASL
    description It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-3308) Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a certificate. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-6251). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85735
    published 2015-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85735
    title Ubuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201506-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201506-03 (GnuTLS: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and external references below for details. Impact: A context-dependent attacker can cause a denial of service condition. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-10-02
    plugin id 84331
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84331
    title GLSA-201506-03 : GnuTLS: Multiple vulnerabilities
refmap via4
bid 74188
confirm
fedora FEDORA-2015-5131
gentoo GLSA-201506-03
mlist
  • [oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)
  • [oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)
sectrack 1033774
ubuntu USN-2727-1
Last major update 21-12-2016 - 21:59
Published 02-09-2015 - 10:59