CVE-2016-4456
https://notcve.org/view.php?id=CVE-2016-4456
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
• http://www.openwall.com/lists/oss-security/2016/06/07/6
• https://bugzilla.redhat.com/show_bug.cgi?id=1343505
• CWE-20: Improper Input Validation
CVE-2017-7507 – gnutls: Crash upon receiving well-formed status_request extension
https://notcve.org/view.php?id=CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension.
• http://www.debian.org/security/2017/dsa-3884
• http://www.securityfocus.com/bid/99102
• https://access.redhat.com/errata/RHSA-2017:2292
• https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
• https://access.redhat.com/security/cve/CVE-2017-7507
• https://bugzilla.redhat.com/show_bug.cgi?id=1454621
• CWE-476: NULL Pointer Dereference
CVE-2017-7869 – gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)
https://notcve.org/view.php?id=CVE-2017-7869
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
• http://www.securityfocus.com/bid/97040
• https://access.redhat.com/errata/RHSA-2017:2292
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
• https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
• https://www.gnutls.org/security.html
• https://access.redhat.com/security/cve/CVE-2017-7869
• https://bugzilla.redhat.com/show_bug.cgi?id=1443033
• CWE-787: Out-of-bounds Write
CVE-2017-5337 – gnutls: Heap read overflow in read-packet.c
https://notcve.org/view.php?id=CVE-2017-5337
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
• http://rhn.redhat.com/errata/RHSA-2017-0574.html
• http://www.openwall.com/lists/oss-security/2017/01/10/7
• http://www.openwall.com/lists/oss-security/2017/01/11/4
• http://www.securityfocus.com/bid/95372
• http://www.securitytracker.com/id/1037576
• https://access.redhat.com/errata/RHSA-2017:2292
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
• https://bugs.chromium.org/p/oss-fuzz/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2017-5336 – gnutls: Stack overflow in cdk_pk_get_keyid
https://notcve.org/view.php?id=CVE-2017-5336
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
• http://rhn.redhat.com/errata/RHSA-2017-0574.html
• http://www.openwall.com/lists/oss-security/2017/01/10/7
• http://www.openwall.com/lists/oss-security/2017/01/11/4
• http://www.securityfocus.com/bid/95377
• http://www.securitytracker.com/id/1037576
• https://access.redhat.com/errata/RHSA-2017:2292
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
• https://gitlab.com/gnutls/gnutls/commit/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow