ID CVE-2017-7869
Summary GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
References
Vulnerable Configurations
  • GNU GnuTLS 3.5.9
    cpe:2.3:a:gnu:gnutls:3.5.9
CVSS
Base: 5.0 (as of 23-04-2017 - 07:41)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0016_GNUTLS.NASL
    description An update of the gnutls package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121691
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121691
    title Photon OS 1.0: Gnutls PHSA-2017-0016
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2292.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102759
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102759
    title CentOS 7 : gnutls (CESA-2017:2292)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1115.NASL
    description According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.(CVE-2017-7869) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 101306
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101306
    title EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1115)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2292.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 102116
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102116
    title RHEL 7 : gnutls (RHSA-2017:2292)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1111.NASL
    description According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.(CVE-2017-7869) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 100722
    published 2017-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100722
    title EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1111)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-824.NASL
    description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101759
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101759
    title openSUSE Security Update : gnutls (openSUSE-2017-824)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1838-1.NASL
    description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101393
    published 2017-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101393
    title SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:1838-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_GNUTLS_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: gnutls (3.3.26). Security Fix(es) : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) - Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) - A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) - A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102642
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102642
    title Scientific Linux Security Update : gnutls on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2292.NASL
    description From Red Hat Security Advisory 2017:2292 : An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373) Security Fix(es) : * A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334) * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869) * A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507) * A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444) The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 102303
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102303
    title Oracle Linux 7 : gnutls (ELSA-2017-2292)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1886-1.NASL
    description This update for gnutls fixes the following issues : - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack-based buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101768
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101768
    title SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:1886-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3318-1.NASL
    description Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100781
    published 2017-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100781
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : gnutls26, gnutls28 vulnerabilities (USN-3318-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0016.NASL
    description An update of [gnutls,openjdk,openjre] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111865
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111865
    title Photon OS 1.0: Gnutls / Linux / Openjdk / Openjre PHSA-2017-0016 (deprecated)
redhat via4
advisories
bugzilla
id 1454621
title CVE-2017-7507 gnutls: Crash upon receiving well-formed status_request extension
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment gnutls is earlier than 0:3.3.26-9.el7
        oval oval:com.redhat.rhsa:tst:20172292009
      • comment gnutls is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429006
    • AND
      • comment gnutls-c++ is earlier than 0:3.3.26-9.el7
        oval oval:com.redhat.rhsa:tst:20172292007
      • comment gnutls-c++ is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140684010
    • AND
      • comment gnutls-dane is earlier than 0:3.3.26-9.el7
        oval oval:com.redhat.rhsa:tst:20172292005
      • comment gnutls-dane is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140684008
    • AND
      • comment gnutls-devel is earlier than 0:3.3.26-9.el7
        oval oval:com.redhat.rhsa:tst:20172292011
      • comment gnutls-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429010
    • AND
      • comment gnutls-utils is earlier than 0:3.3.26-9.el7
        oval oval:com.redhat.rhsa:tst:20172292013
      • comment gnutls-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429008
rhsa
id RHSA-2017:2292
released 2017-08-01
severity Moderate
title RHSA-2017:2292: gnutls security, bug fix, and enhancement update (Moderate)
rpms
  • gnutls-0:3.3.26-9.el7
  • gnutls-c++-0:3.3.26-9.el7
  • gnutls-dane-0:3.3.26-9.el7
  • gnutls-devel-0:3.3.26-9.el7
  • gnutls-utils-0:3.3.26-9.el7
refmap via4
bid 97040
confirm https://www.gnutls.org/security.html
misc
Last major update 25-04-2017 - 09:23
Published 14-04-2017 - 00:59
Last modified 04-01-2018 - 21:31