Critical severity9.8NVD Advisory· Published Mar 24, 2017· Updated May 13, 2026
CVE-2017-5337
CVE-2017-5337
Description
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
Affected products
11cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*range: <=3.3.25
- cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.openwall.com/lists/oss-security/2017/01/10/7nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2017/01/11/4nvdMailing ListPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdIssue TrackingPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdIssue TrackingPatchThird Party Advisory
- gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1anvdIssue TrackingPatchThird Party Advisory
- security.gentoo.org/glsa/201702-04nvdPatchThird Party AdvisoryVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/95372nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037576nvdThird Party AdvisoryVDB Entry
- gnutls.org/security.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2017-0574.htmlnvd
- access.redhat.com/errata/RHSA-2017:2292nvd
News mentions
0No linked articles in our index yet.