CVE-2017-5336: Buffer Overflow

First published: Wed Jan 11 2017(Updated: )

A vulnerability was found in gnutls. A stack overflow could occur in opencdk in the cdk_pk_get_keyid function. A memory corruption could occur when parsing a maliciously crafted OpenPGP certificate. References: <a href="http://seclists.org/oss-sec/2017/q1/51">http://seclists.org/oss-sec/2017/q1/51</a> <a href="https://gnutls.org/security.html#GNUTLS-SA-2017-2">https://gnutls.org/security.html#GNUTLS-SA-2017-2</a> Upstream patch: <a href="https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732">https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732</a>

Credit: security@debian.org security@debian.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• collector/launchpad-cve
• source/Launchpad
• agent/author
• agent/severity
• agent/description
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2017-5336
• agent/software-canonical-lookup
• agent/weakness
• agent/remedy
• agent/references
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-cve
• source/NVD
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/event
• agent/tags
• collector/security-tracker-debian
• source/Debian
• agent/softwarecombine
• collector/usn-cve
• source/Ubuntu
• package-manager/redhat
• vendor/opensuse
• canonical/opensuse leap
• version/opensuse leap/42.1
• version/opensuse leap/42.2
• vendor/gnu
• canonical/gnu gnutls
• version/gnu gnutls/3.3.25
• version/gnu gnutls/3.5.0
• version/gnu gnutls/3.5.1
• version/gnu gnutls/3.5.2
• version/gnu gnutls/3.5.3
• version/gnu gnutls/3.5.4
• version/gnu gnutls/3.5.5
• version/gnu gnutls/3.5.6
• version/gnu gnutls/3.5.7
• package-manager/debian