Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2015-3308

Published: 02/09/2015 Updated: 22/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS prior to 3.3.14 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gnutls

canonical ubuntu linux 15.04

Vendor Advisories

Ubuntu Security Notice: gnutls28 vulnerabilities
GnuTLS could be made to crash or run programs if it processed a specially crafted certificate ...
Debian CVElist Bug Report Logs: gnutls28: CVE-2015-3308: use-after-free flaw in CRL distribution points parsing
Debian Bug report logs - #782776 gnutls28: CVE-2015-3308: use-after-free flaw in CRL distribution points parsing Package: src:gnutls28; Maintainer for src:gnutls28 is Debian GnuTLS Maintainers <pkg-gnutls-maint@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 17 Apr 2015 17:09:02 U ...
Red Hat: CVE-2015-3308
Double free vulnerability in lib/x509/x509_extc in GnuTLS before 3314 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point ...

References

NVD-CWE-Otherhttp://www.openwall.com/lists/oss-security/2015/04/15/6https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02http://www.openwall.com/lists/oss-security/2015/04/16/6http://www.ubuntu.com/usn/USN-2727-1https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9http://www.securityfocus.com/bid/74188http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.htmlhttp://www.securitytracker.com/id/1033774https://security.gentoo.org/glsa/201506-03http://www.gnutls.org/security.html#GNUTLS-SA-2015-4https://usn.ubuntu.com/2727-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-3308
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middlecommand injectionCVE-2021-47511CVE-2024-26238CVE-2024-4858CVE-2024-21305XXECVE-2021-47555CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook