A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. Any client or server that verifies X.509 certificates with GnuTLS is likely affected and can be compromised by a malicious server or active network attacker.
A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. Any client or server that verifies X.509 certificates with GnuTLS is likely affected and can be compromised by a malicious server or active network attacker.
https://gitlab.com/gnutls/gnutls/issues/694