CVE-2015-6251 — Use After Free in Gnutls

CWE-416 — Use After Free8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

6.7%

top 8.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Linux GNU Gnutls

Timeline

PublishedAug 24

Latest updateMay 17

Description

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/gnutls21 versions+20

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-63p6-5792-gpfq: Double free vulnerability in GnuTLS before 3↗2022-05-17

▶

OSV

CVE-2015-6251: Double free vulnerability in GnuTLS before 3↗2015-08-24

▶

CVEList

CVE-2015-6251: Double free vulnerability in GnuTLS before 3↗2015-08-24

▶

📋Vendor Advisories

Ubuntu

GnuTLS vulnerabilities↗2015-09-01

▶

Red Hat

gnutls: double free flaw in certificate DN decoding (GNUTLS-SA-2015-3)↗2015-08-10

▶

Debian

CVE-2015-6251: gnutls28 - Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows ...↗2015

▶

💬Community

Bugzilla

CVE-2015-6251 gnutls: double free flaw in certificate DN decoding (GNUTLS-SA-2015-3)↗2015-08-10

▶