CVE-2010-0731
Published: Mar 26, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| RHSA-2010:0167 | vendor-advisory, x_refsource_REDHAT |
| 39127 | third-party-advisory, x_refsource_SECUNIA |
| MDVSA-2010:089 | vendor-advisory, x_refsource_MANDRIVA |
| 38959 | vdb-entry, x_refsource_BID |
| ADV-2010-0713 | vdb-entry, x_refsource_VUPEN |
| oval:org.mitre.oval:def:9759 | vdb-entry, signature, x_refsource_OVAL |
| http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=573028 | x_refsource_CONFIRM |
| SUSE-SR:2010:014 | vendor-advisory, x_refsource_SUSE |
| ADV-2010-1054 | vdb-entry, x_refsource_VUPEN |