FKIE_CVE-2015-6251

Vulnerability from fkie_nvd - Published: 2015-08-24 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3334
secalert@redhat.comhttp://www.gnutls.org/security.html#GNUTLS-SA-2015-3Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/08/10/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/08/17/6
secalert@redhat.comhttp://www.securityfocus.com/bid/76267
secalert@redhat.comhttp://www.securitytracker.com/id/1033226
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1251902
secalert@redhat.comhttps://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3334
af854a3a-2127-422b-91ae-364da2661108http://www.gnutls.org/security.html#GNUTLS-SA-2015-3Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/08/10/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/08/17/6
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/76267
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033226
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1251902
af854a3a-2127-422b-91ae-364da2661108https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
Impacted products
Vendor Product Version
gnu gnutls 3.3.0
gnu gnutls 3.3.0
gnu gnutls 3.3.1
gnu gnutls 3.3.2
gnu gnutls 3.3.3
gnu gnutls 3.3.4
gnu gnutls 3.3.5
gnu gnutls 3.3.6
gnu gnutls 3.3.7
gnu gnutls 3.3.8
gnu gnutls 3.3.9
gnu gnutls 3.3.10
gnu gnutls 3.3.11
gnu gnutls 3.3.12
gnu gnutls 3.3.13
gnu gnutls 3.3.14
gnu gnutls 3.3.15
gnu gnutls 3.3.16
gnu gnutls 3.4.0
gnu gnutls 3.4.1
gnu gnutls 3.4.2
gnu gnutls 3.4.3
debian debian_linux 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "BE31FE31-3F85-41F3-9DCB-58A090E63DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*",
              "matchCriteriaId": "18A0842D-2CAC-4372-80D0-68BCCC28C7BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A91948CE-E418-4450-AB62-9078D3A0FBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34267DC-A768-4A0F-BB54-74314B70E4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "160B3AD7-37A3-4A01-B1CD-83E6500E145A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE61F19-A2C3-4FE9-9C5A-D1FB949B6CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFE7E2-12FC-4819-8615-F76A312E8BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4993D25F-607B-4486-B9EC-566A1EEBE73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEF4D26-DD0C-4E67-8901-8B38A51C1FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CE4BAE-77EC-469D-9FE2-A807B7E2EC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7921C926-450B-4EFF-B610-B8B8FD17AE1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "199F787B-0515-442A-8FFA-7A2D8E145792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6916156-380B-4BF5-A070-8710F728C62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A990DC-4934-4466-978B-26105AD2DAC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE96D17-4EBB-4AA1-AC55-28E65F18A5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93C125C-331E-450B-879B-2444AE32E022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "924DABC9-8131-4280-8151-26DC08078E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B28D33-61C9-4A83-B9FF-31EF7A8DB195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4DFB1F-772E-4514-B0EC-66923F422797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537DB088-69A7-4482-A639-F3F4C44CA79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F38611-4E74-4180-844C-CBD2C3230684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "461EA8A4-C0C0-4F21-89A0-EACAB34C4C18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de liberaci\u00f3n doble en GnuTLS en versiones anteriores a la 3.3.17 y 3.4.x versiones anteriores a 3.4.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una entrada DistinguishedName (DN) de gran longitud en un certificado."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
  "id": "CVE-2015-6251",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-24T14:59:10.947",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3334"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/76267"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033226"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.