Denial of service in Gnu - CVE-2017-7869
Published: August 2, 2017
Vulnerability identifier: #VU7661
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-7869
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GNU
Affected software:
Gnu
Gnu
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause Dos condition on the target system.
The weakness exists due to improper memory processing in the opencdk/read-packet.c of the cdk_pkt_read function. A remote attacker can send a specially crafted OpenPGP certificate, trigger buffer overflow, integer overflow or NULL pointer dereference and cause the server application to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper memory processing in the opencdk/read-packet.c of the cdk_pkt_read function. A remote attacker can send a specially crafted OpenPGP certificate, trigger buffer overflow, integer overflow or NULL pointer dereference and cause the server application to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-7869
Update to version 3.5.10 or later.