Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-7444  

Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from the same CA) to continue using a revoked certificate. This can happen if the serial from the revoked certificate is a prefix of the other one, and the additional bytes happen to be equal on the system doing the verification.

Source
Severity Medium

Remote Yes

Type Certificate verification bypass

Description 

Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from the same CA) to continue using a revoked certificate. This can happen if the serial from the revoked certificate is a prefix of the other one, and the additional bytes happen to be equal on the system doing the verification.

AVG-26 gnutls 3.4.14-1 3.4.15-1 Medium Fixed

AVG-17 lib32-gnutls 3.4.14-1 3.4.15-1 Medium Fixed

26 Sep 2016 ASA-201609-26 AVG-17 lib32-gnutls Medium certificate verification bypass

26 Sep 2016 ASA-201609-25 AVG-26 gnutls Medium certificate verification bypass 

https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started