High severity7.5NVD Advisory· Published Sep 27, 2016· Updated May 6, 2026

CVE-2016-7444

Description

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9nvdPatch
lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.htmlnvdMailing ListThird Party Advisory
www.gnutls.org/security.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.htmlnvd
www.securityfocus.com/bid/92893nvd
access.redhat.com/errata/RHSA-2017:2292nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000