CVE-2010-0731
gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
La función gnutls_x509_crt_get_serial en la librería GnuTLS anterior a v1.2.1, cunado se está ejecutando sobre big-endian, plataformas de 64-bit, llama de a asn1_read_value con un puntero a un tipo de dato erróneo, y con una longitud errónea, lo que permite a atacantes remotos saltarse el control la lista de certificados revocados (CRL) y robocar un desbordamiento de de búfer basado en pila, a a través de un certificado X.509 manipulado, relativo a la extracción de un número de serie.
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. The updated packages have been patched to correct these issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-02-26 CVE Reserved
- 2010-03-26 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-04-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/39127 | Third Party Advisory | |
| http://www.securityfocus.com/bid/38959 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/1054 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230 | 2024-08-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=573028 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/0713 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | <= 1.2.0 Search vendor "Gnu" for product "Gnutls" and version " <= 1.2.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.16 Search vendor "Gnu" for product "Gnutls" and version "1.0.16" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.17 Search vendor "Gnu" for product "Gnutls" and version "1.0.17" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.18 Search vendor "Gnu" for product "Gnutls" and version "1.0.18" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.19 Search vendor "Gnu" for product "Gnutls" and version "1.0.19" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.20 Search vendor "Gnu" for product "Gnutls" and version "1.0.20" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.21 Search vendor "Gnu" for product "Gnutls" and version "1.0.21" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.22 Search vendor "Gnu" for product "Gnutls" and version "1.0.22" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.23 Search vendor "Gnu" for product "Gnutls" and version "1.0.23" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.24 Search vendor "Gnu" for product "Gnutls" and version "1.0.24" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.0.25 Search vendor "Gnu" for product "Gnutls" and version "1.0.25" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.13 Search vendor "Gnu" for product "Gnutls" and version "1.1.13" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.14 Search vendor "Gnu" for product "Gnutls" and version "1.1.14" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.15 Search vendor "Gnu" for product "Gnutls" and version "1.1.15" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.16 Search vendor "Gnu" for product "Gnutls" and version "1.1.16" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.17 Search vendor "Gnu" for product "Gnutls" and version "1.1.17" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.18 Search vendor "Gnu" for product "Gnutls" and version "1.1.18" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.19 Search vendor "Gnu" for product "Gnutls" and version "1.1.19" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.20 Search vendor "Gnu" for product "Gnutls" and version "1.1.20" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.21 Search vendor "Gnu" for product "Gnutls" and version "1.1.21" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.22 Search vendor "Gnu" for product "Gnutls" and version "1.1.22" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 1.1.23 Search vendor "Gnu" for product "Gnutls" and version "1.1.23" | - |
Affected
| ||||||