CVE-2022-2509

CWE-415 CWE-77 — Command Injection CWE-78 — OS Command Injection CWE-190 — Integer Overflow12 documents10 sources

Severity

7.5HIGH

EPSS

0.6%

top 29.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gnutls Debian Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedAug 1

Latest updateSep 15

Description

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDgnu/gnutls< 3.7.7

▶Debiangnutls28< 3.7.1-5+deb11u2+3

▶CVEListV5gnutlsgnutls 3.7.7(Fixed)

Also affects: Debian Linux 10.0, 11.0, Fedora 35, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

OSV

gnutls28 vulnerabilities↗2022-08-04

▶

GHSA

GHSA-w33j-4mrg-pgc3: A vulnerability found in gnutls↗2022-08-02

▶

CVEList

CVE-2022-2509: A vulnerability found in gnutls↗2022-08-01

▶

OSV

CVE-2022-2509: A vulnerability found in gnutls↗2022-08-01

▶

📋Vendor Advisories

Red Hat

kernel: md: Replace snprintf with scnprintf↗2025-09-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Policy (Oracle Linux) — CVE-2022-2509↗2023-01-15

▶

Microsoft

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.↗2022-08-09

▶

Ubuntu

GnuTLS vulnerabilities↗2022-08-04

▶

Red Hat

gnutls: Double free during gnutls_pkcs7_verify↗2022-07-29

▶