CVE-2017-7507

Impact: Moderate
Public Date: 2017-06-07
Bugzilla: 1454621: CVE-2017-7507 gnutls: Crash upon receiving well-formed status_request extension

A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with the status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash.

Find out more about CVE-2017-7507 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 7.5
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 7 (gnutls) | RHSA-2017:2292 | 2017-08-01

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | gnutls | Not affected
Red Hat Enterprise Linux 5 | gnutls | Not affected
RHEV Manager 3 | mingw-virt-viewer | Not affected

Acknowledgements

This issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team).
