Denial of Service Vulnerability in GnuTLS by Remote Attackers
CVE-2017-5335
7.5HIGH
What is CVE-2017-5335?
A vulnerability exists in GnuTLS, specifically in the stream reading functions within 'lib/opencdk/read-packet.c'. This flaw allows remote attackers to exploit crafted OpenPGP certificates, potentially leading to an out-of-memory error and causing the application to crash. The vulnerability affects GnuTLS versions prior to 3.3.26 and the 3.5.x series before 3.5.8, emphasizing the importance of upgrading to maintained releases to mitigate such risks.
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved