[v3.2] gnutls: double free in certificate DN decoding (CVE-2015-6251)
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4
allows remote attackers to cause a denial of service via a long
DistinguishedName (DN) entry in a certificate.
"Decoding a specific certificate with very long DistinguishedName (DN)
entries leads to a double free, which may
result in a denial of service. Since the DN decoding occurs in almost
all applications using certificates it is recommended to upgrade to the
latest GnuTLS version fixing the issue. Recommendation: Upgrade to
GnuTLS 3.4.4, or 3.3.17."
The upstream patch that fixes this issue is available at:
https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
lib/x509/common.c
_gnutls_x509_dn_to_string
- str->data = NULL;
Reference:
http://seclists.org/oss-sec/2015/q3/374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251
(from redmine: issue id 4573, created on 2015-08-26, closed on 2015-09-22)
- Relations:
  - parent #4569 (closed)
- Changesets:
  - Revision 3bbeefc9 by Natanael Copa on 2015-09-17T11:33:01Z:
    main/gnutls: security upgrade to 3.4.5 (CVE-2015-6251)
    fixes #4573