CVE-2016-7444

Name:        CVE-2016-7444
Description: The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
Source:      CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  | Release                                  | Version           | Status
----------------|------------------------------------------|-------------------|-------
gnutls28 (PTS)  | jessie, jessie (lts)                     | 3.3.30-0+deb8u2   | fixed
                | stretch (security)                       | 3.5.8-5+deb9u6    | fixed
                | stretch (lts), stretch                   | 3.5.8-5+deb9u7    | fixed
                | buster (security), buster, buster (lts)  | 3.6.7-4+deb10u12  | fixed
                | bullseye                                 | 3.7.1-5+deb11u5   | fixed
                | bullseye (security)                      | 3.7.1-5+deb11u6   | fixed
                | bookworm                                 | 3.7.9-2+deb12u3   | fixed
                | sid, trixie                              | 3.8.8-2           | fixed

The information below is based on the following data on fixed versions.

Package   | Type    | Release     | Fixed Version    | Urgency | Origin | Debian Bugs
----------|---------|-------------|------------------|---------|--------|------------
gnutls28  | source  | jessie      | 3.3.8-6+deb8u4   |         |        |
gnutls28  | source  | (unstable)  | 3.5.3-4          |         |        |

Notes

https://gnutls.org/security.html#GNUTLS-SA-2016-3
http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
https://bugzilla.redhat.com/show_bug.cgi?id=1374266
https://www.openwall.com/lists/oss-security/2016/09/18/3
