CVE-2010-0731

Priority
Description
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1,
when running on big-endian, 64-bit platforms, calls the asn1_read_value
with a pointer to the wrong data type and the wrong length value, which
allows remote attackers to bypass the certificate revocation list (CRL)
check and cause a stack-based buffer overflow via a crafted X.509
certificate, related to extraction of a serial number.
Package
Upstream:not-affected
Package
Upstream:needs-triage
Package
Upstream:released (1.2.1)
Package
Upstream:not-affected
More Information

Updated: 2018-10-22 13:51:38 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)