CVE-2017-7869 – gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)

https://notcve.org/view.php?id=CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. GnuTLS en versiones anteriores a 20-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de entero y desbordamiento de búfer basado en memoria dinámica en relación con la función cdk_pkt_read en opencdk/read-packet.c. Este problema (que es un subconjunto del informe GNUTLS-SA-2017-3 del proveedor) se fija en 3.5.10. • http://www.securityfocus.com/bid/97040 https://access.redhat.com/errata/RHSA-2017:2292 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe https://www.gnutls.org/security.html https://access.redhat.com/security/cve/CVE-2017-7869 https://bugzilla.redhat.com/show_bug.cgi?id=1443033 • CWE-787: Out-of-bounds Write •