Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1663Double Free in Gnutls

CWE-3998 documents8 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Gnutls
Timeline
PublishedMar 13
Latest updateMay 17

Description

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgnu/gnutls3.0.13+164

Patches

Patch: article.gmane.orgPatch: article.gmane.org

🔴Vulnerability Details

3
GHSA
GHSA-jjqc-5mxx-88h5: Double free vulnerability in libgnutls in GnuTLS before 32022-05-17
CVEList
CVE-2012-1663: Double free vulnerability in libgnutls in GnuTLS before 32012-03-13
OSV
CVE-2012-1663: Double free vulnerability in libgnutls in GnuTLS before 32012-03-13

💥Exploits & PoCs

1
Exploit-DB
GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service2013-03-22

📋Vendor Advisories

2
Red Hat
gnutls: double-free vulnerability in libgnutls 3.0.x2012-02-19
Debian
CVE-2012-1663: gnutls28 - Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote att...2012

💬Community

1
Bugzilla
CVE-2012-1663 gnutls: double-free vulnerability in libgnutls 3.0.x2012-03-14
CVE-2012-1663 — Double Free in GNU Gnutls | cvebase