Executive Summary

Information
Name : CVE-2017-5335
First vendor Publication : 2017-03-24
Vendor : Cve
Last vendor Modification : 2018-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5335

CWE : Common Weakness Enumeration

%      id       Name
100 %  CWE-125  Out-of-bounds Read

CPE : Common Platform Enumeration

Type : Application - Count : 277
Type : Os - Count : 2

Nessus® Vulnerability Scanner

Date Description
2017-09-11 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1203.nasl - Type : ACT_GATHER_INFO
2017-09-11 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1204.nasl - Type : ACT_GATHER_INFO
2017-08-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-2292.nasl - Type : ACT_GATHER_INFO
2017-08-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170801_gnutls_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-2292.nasl - Type : ACT_GATHER_INFO
2017-08-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2292.nasl - Type : ACT_GATHER_INFO
2017-04-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-815.nasl - Type : ACT_GATHER_INFO
2017-04-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170321_gnutls_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-03-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-0574.nasl - Type : ACT_GATHER_INFO
2017-03-30 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0054.nasl - Type : ACT_GATHER_INFO
2017-03-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-0574.nasl - Type : ACT_GATHER_INFO
2017-03-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0574.nasl - Type : ACT_GATHER_INFO
2017-03-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3183-2.nasl - Type : ACT_GATHER_INFO
2017-02-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201702-04.nasl - Type : ACT_GATHER_INFO
2017-02-06 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-207.nasl - Type : ACT_GATHER_INFO
2017-02-02 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0348-1.nasl - Type : ACT_GATHER_INFO
2017-02-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3183-1.nasl - Type : ACT_GATHER_INFO
2017-01-30 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0304-1.nasl - Type : ACT_GATHER_INFO
2017-01-16 Name : The remote Fedora host is missing a security update.
File : fedora_2017-e86817c42e.nasl - Type : ACT_GATHER_INFO
2017-01-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-011-02.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/95374
CONFIRM https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
https://gnutls.org/security.html#GNUTLS-SA-2017-2
GENTOO https://security.gentoo.org/glsa/201702-04
MISC https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
MLIST http://www.openwall.com/lists/oss-security/2017/01/10/7
http://www.openwall.com/lists/oss-security/2017/01/11/4
REDHAT http://rhn.redhat.com/errata/RHSA-2017-0574.html
https://access.redhat.com/errata/RHSA-2017:2292
SECTRACK http://www.securitytracker.com/id/1037576
SUSE http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html

Alert History

Date Information
2018-11-01 05:18:40
  • Multiple Updates
2018-10-31 00:21:17
  • Multiple Updates
2018-01-26 12:08:22
  • Multiple Updates
2018-01-05 09:24:22
  • Multiple Updates
2017-09-22 13:24:46
  • Multiple Updates
2017-09-12 13:25:00
  • Multiple Updates
2017-08-26 13:24:55
  • Multiple Updates
2017-08-23 13:25:04
  • Multiple Updates
2017-08-10 13:25:16
  • Multiple Updates
2017-08-03 13:24:45
  • Multiple Updates
2017-04-19 13:24:36
  • Multiple Updates
2017-04-07 13:23:00
  • Multiple Updates
2017-03-31 13:22:46
  • Multiple Updates
2017-03-28 13:25:26
  • Multiple Updates
2017-03-28 00:23:33
  • Multiple Updates
2017-03-24 21:23:46
  • First insertion