CVE-2017-7869

CVE Details

Release Date:2017-04-14

Description


GnuTLS before 2017-02-20 has an out-of-bounds write caused by aninteger overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.

See more information about CVE-2017-7869 from MITRE CVE dictionary and NIST NVD


CVSS v2 metrics


NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score:5 Base Metrics:AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network Confidentiality Impact: None
Access Impact: Low Integrity Impact: None
Authentication: None required Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (gnutls)ELSA-2017-22922017-08-07



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete