CVE-2012-1663

GnuTLS < 3.0.14 - Double Free via Crafted Certificate List

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1663. PoCs published by Shawn the R0ck.

AI-analyzed exploit summary The provided content is a writeup describing a proof-of-concept for CVE-2012-1663, a remote DoS vulnerability in GNUTLS versions prior to 3.0.14. It outlines the prerequisites and attack scenarios involving crafted certificates to trigger a double-free issue.

Description

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

Exploits (1)

exploitdb WRITEUP
by Shawn the R0ck · textdoslinux
https://www.exploit-db.com/exploits/24865

The provided content is a writeup describing a proof-of-concept for CVE-2012-1663, a remote DoS vulnerability in GNUTLS versions prior to 3.0.14. It outlines the prerequisites and attack scenarios involving crafted certificates to trigger a double-free issue.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: GNUTLS <= 3.0.13
No auth needed
Prerequisites: GNUTLS version prior to 3.0.14 · crafted certificate
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74099
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24865

Scores

EPSS 0.0524
EPSS Percentile 91.5%

Details

CWE
CWE-399
Status published
Products (50)
gnu/gnutls 1.0.16
gnu/gnutls 1.0.17
gnu/gnutls 1.0.18
gnu/gnutls 1.0.19
gnu/gnutls 1.0.20
gnu/gnutls 1.0.21
gnu/gnutls 1.0.22
gnu/gnutls 1.0.23
gnu/gnutls 1.0.24
gnu/gnutls 1.0.25
... and 40 more
Published Mar 13, 2012
Tracked Since Feb 18, 2026