Double Free Vulnerability in GnuTLS Affecting Multiple Platforms
CVE-2022-2509

7.5HIGH

Key Information:

Vendor
Gnu
Status
Gnutls
Vendor
CVE Published:
1 August 2022

Summary

A double free error has been identified in the GnuTLS library, specifically during the verification process of pkcs7 signatures within the gnutls_pkcs7_verify function. This issue could potentially allow an attacker to exploit the memory management flaws, leading to unexpected behavior in affected applications. Users of GnuTLS are advised to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

GnuTLS gnutls 3.7.7(Fixed)

References

https://access.redhat.com/security/cve/CVE-2022-2509
x_refsource_MISC
https://lists.gnupg.org/pipermail/gnutls-help/2022-July/0...
x_refsource_MISC
https://www.debian.org/security/2022/dsa-5203
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.