Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2017-7507

Published: 9 June 2017

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gnutls28
Launchpad, Ubuntu, Debian
artful
Released (3.5.8-6ubuntu1)
bionic
Released (3.5.8-6ubuntu1)
cosmic
Released (3.5.8-6ubuntu1)
disco
Released (3.5.8-6ubuntu1)
trusty Does not exist
(trusty was needed)
upstream
Released (3.5.13,3.5.8-6)
xenial
Released (3.4.10-4ubuntu1.3)
yakkety
Released (3.5.3-5ubuntu1.2)
zesty
Released (3.5.6-4ubuntu4.1)
Patches:
upstream: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
upstream: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
upstream: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
upstream: https://gitlab.com/gnutls/gnutls/commit/9d95c912b5843e664c8210887a6719f02a9028be (3.3)
upstream: https://gitlab.com/gnutls/gnutls/commit/023a20d21b762918d3e1ab25a207ecf874ba21a9 (3.3)
upstream: https://gitlab.com/gnutls/gnutls/commit/3ade67eb6859a5a074f981480e5663ea92a59380 (3.3)

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H