Unrated severity · NVD Advisory · Published Mar 26, 2010 · Updated Apr 29, 2026

CVE-2010-0731

Description

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value function with a pointer to the wrong data type and the wrong length value. This allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

Affected products

  • GNU/Gnutls: 22 versions
    • cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* (range: <=1.2.0)
    • cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
