CVE-2016-7444

NameCVE-2016-7444
DescriptionThe gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnutls28 (PTS)jessie3.3.8-6+deb8u7fixed
jessie (security)3.3.30-0+deb8u1fixed
stretch3.5.8-5+deb9u4fixed
stretch (security)3.5.8-5+deb9u1fixed
buster3.6.7-4+deb10u2fixed
bullseye, sid3.6.12-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnutls28source(unstable)3.5.3-4
gnutls28sourcejessie3.3.8-6+deb8u4

Notes

https://gnutls.org/security.html#GNUTLS-SA-2016-3
http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
https://bugzilla.redhat.com/show_bug.cgi?id=1374266
http://www.openwall.com/lists/oss-security/2016/09/18/3

Search for package or bug name: Reporting problems