Critical severity9.8NVD Advisory· Published Mar 24, 2017· Updated Jun 17, 2026
CVE-2017-5337
CVE-2017-5337
Description
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*range: <=3.3.25
- cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*
- Range: <3.3.26, <3.5.8
- osv-coords13 versionspkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2011%20SP4pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
< 3.2.15-16.1+ 12 more
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 2.4.1-24.39.67.1
- (no CPE)range: < 2.4.1-24.39.67.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 2.4.1-24.39.67.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 2.4.1-24.39.67.1
- (no CPE)range: < 3.2.15-16.1
- (no CPE)range: < 3.2.15-16.1
Patches
Vulnerability mechanics
References
12- www.openwall.com/lists/oss-security/2017/01/10/7nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2017/01/11/4nvdMailing ListPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdIssue TrackingPatchThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdIssue TrackingPatchThird Party Advisory
- gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1anvdIssue TrackingPatchThird Party Advisory
- security.gentoo.org/glsa/201702-04nvdPatchThird Party AdvisoryVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/95372nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037576nvdThird Party AdvisoryVDB Entry
- gnutls.org/security.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2017-0574.htmlnvd
- access.redhat.com/errata/RHSA-2017:2292nvd
News mentions
0No linked articles in our index yet.