CVE-2016-4456
published 2017-08-08CVE-2016-4456: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnutls28 | < gnutls28 3.4.13-1 (bookworm) | gnutls28 3.4.13-1 (bookworm) |
| gnu | gnutls | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH