CVE-2017-7509: Improper Input Validation in Red Hat Certificate System

Severity
6.5 MEDIUM (NVD)
CNA: 3.5
EPSS
0.3% (top 44.01%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 26
Latest update: May 13

Description

An input validation error was found in Red Hat Certificate System's handling of client-provided certificates before 8.1.20-1. If the certreq field is not present in a certificate, an assertion error is triggered, causing a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | red_hat/certificate_system | pki-common-8.1.20-1

🔴 Vulnerability Details (2)

GHSA
GHSA-2v3w-p5pg-rgxq: An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8 (2022-05-13)
CVEList
CVE-2017-7509: An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8 (2018-07-26)

📋 Vendor Advisories (1)

Red Hat
8: Enrolling certificate without certreq field causes CA to crash (2017-05-11)

💬 Community (1)

Bugzilla
CVE-2017-7509 certificate system 8: Enrolling certificate without certreq field causes CA to crash (2017-05-26)