High severity7.5NVD Advisory· Published Mar 24, 2017· Updated May 13, 2026
CVE-2017-5335
CVE-2017-5335
Description
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
Affected products
11cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*range: <=3.3.25
- cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www.openwall.com/lists/oss-security/2017/01/10/7nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2017/01/11/4nvdMailing ListPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdIssue TrackingPatchThird Party Advisory
- gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3anvdIssue TrackingPatchThird Party Advisory
- security.gentoo.org/glsa/201702-04nvdPatchThird Party AdvisoryVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/95374nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037576nvdThird Party AdvisoryVDB Entry
- gnutls.org/security.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2017-0574.htmlnvd
- access.redhat.com/errata/RHSA-2017:2292nvd
News mentions
0No linked articles in our index yet.