CVE-2006-7239
GnuTLS < 1.4.2 - Denial of Service via Unsupported Hash Algorithm in X.509 Certificate
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
References (3)
Vendor Advisory (x_refsource_confirm): http://www.gnu.org/software/gnutls/security.html
Patch, mailing-list (x_refsource_mlist): http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html
Various Sources, mailing-list (x_refsource_mlist): http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html
Scores
EPSS: 0.0027
EPSS Percentile: 50.4%
Details
CWE: CWE-310
Status: published
Products (42)
gnu/gnutls 1.0.16
gnu/gnutls 1.0.17
gnu/gnutls 1.0.18
gnu/gnutls 1.0.19
gnu/gnutls 1.0.20
gnu/gnutls 1.0.21
gnu/gnutls 1.0.22
gnu/gnutls 1.0.23
gnu/gnutls 1.0.24
gnu/gnutls 1.0.25
... and 32 more
Published: May 24, 2010
Tracked Since: Feb 18, 2026