ID CVE-2017-7507
Summary GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
References
Vulnerable Configurations
  • GNU GnuTLS 3.5.12
    cpe:2.3:a:gnu:gnutls:3.5.12
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3884.NASL
    description Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100852
    published 2017-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100852
    title Debian DSA-3884-1 : gnutls28 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7936341C80.NASL
    description https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101660
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101660
    title Fedora 26 : mingw-gnutls (2017-7936341c80)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2292.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102759
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102759
    title CentOS 7 : gnutls (CESA-2017:2292)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1203.NASL
    description According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103061
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103061
    title EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1203)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F0D48EABE6.NASL
    description - Update to upstream 3.5.13 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101746
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101746
    title Fedora 26 : gnutls (2017-f0d48eabe6)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2292.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 102116
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102116
    title RHEL 7 : gnutls (RHSA-2017:2292)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-824.NASL
    description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101759
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101759
    title openSUSE Security Update : gnutls (openSUSE-2017-824)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1838-1.NASL
    description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101393
    published 2017-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101393
    title SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_GNUTLS_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: gnutls (3.3.26). Security Fix(es) : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102642
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102642
    title Scientific Linux Security Update : gnutls on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2292.NASL
    description From Red Hat Security Advisory 2017:2292 : An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 102303
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102303
    title Oracle Linux 7 : gnutls (ELSA-2017-2292)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-15 (GnuTLS: Denial of Service) A NULL pointer dereference while decoding a status response TLS extension with valid contents was discovered in GnuTLS. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 103850
    published 2017-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103850
    title GLSA-201710-15 : GnuTLS: Denial of Service
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3318-1.NASL
    description Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100781
    published 2017-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100781
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : gnutls26, gnutls28 vulnerabilities (USN-3318-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F646217583.NASL
    description - Update to upstream 3.5.13 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 100736
    published 2017-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100736
    title Fedora 25 : gnutls (2017-f646217583)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0038.NASL
    description An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111887
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111887
    title Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1204.NASL
    description According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103062
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103062
    title EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1204)
redhat via4
advisories
rhsa
id RHSA-2017:2292
rpms
  • gnutls-0:3.3.26-9.el7
  • gnutls-c++-0:3.3.26-9.el7
  • gnutls-dane-0:3.3.26-9.el7
  • gnutls-devel-0:3.3.26-9.el7
  • gnutls-utils-0:3.3.26-9.el7
refmap via4
bid 99102
confirm https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
debian DSA-3884
Last major update 16-06-2017 - 15:29
Published 16-06-2017 - 15:29
Last modified 04-01-2018 - 21:31
Back to Top