#VU7656 Double free in Gnu - CVE-2017-5334
Published: August 2, 2017
Vulnerability identifier: #VU7656
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5334
CWE-ID: CWE-415
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Gnu
Gnu
Software vendor:
GNU
GNU
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input by the gnutls_x509_ext_import_proxy function. A remote attacker can send a specially crafted X.509 certificate with Proxy Certificate Information extension present, trigger double free error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to insufficient validation of user-supplied input by the gnutls_x509_ext_import_proxy function. A remote attacker can send a specially crafted X.509 certificate with Proxy Certificate Information extension present, trigger double free error and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Update to version 3.3.26 or 3.5.8.