CVE-2010-0731
GnuTLS < 1.2.1 - Stack-Based Buffer Overflow via X.509 Certificate Serial Number Extraction
Title source: llmDescription
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
References (10)
Core 10
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0167.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39127
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38959
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0713
Exploit x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=573028
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759
Exploit x_refsource_confirm
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1054
Scores
EPSS
0.0163
EPSS Percentile
82.1%
Details
CWE
CWE-119
Status
published
Products (22)
gnu/gnutls
1.0.16
gnu/gnutls
1.0.17
gnu/gnutls
1.0.18
gnu/gnutls
1.0.19
gnu/gnutls
1.0.20
gnu/gnutls
1.0.21
gnu/gnutls
1.0.22
gnu/gnutls
1.0.23
gnu/gnutls
1.0.24
gnu/gnutls
1.0.25
... and 12 more
Published
Mar 26, 2010
Tracked Since
Feb 18, 2026