CVE-2016-7444

NameCVE-2016-7444
DescriptionThe gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnutls28 (PTS)stretch3.5.8-5+deb9u5fixed
stretch (security)3.5.8-5+deb9u1fixed
buster3.6.7-4+deb10u5fixed
buster (security)3.6.7-4+deb10u4fixed
bullseye, sid3.6.15-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnutls28sourcejessie3.3.8-6+deb8u4
gnutls28source(unstable)3.5.3-4

Notes

https://gnutls.org/security.html#GNUTLS-SA-2016-3
http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
https://bugzilla.redhat.com/show_bug.cgi?id=1374266
https://www.openwall.com/lists/oss-security/2016/09/18/3

Search for package or bug name: Reporting problems