Unrated severityNVD Advisory· Published Aug 1, 2022· Updated Dec 2, 2025

CVE-2022-2509

Description

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Affected products

gnutls/gnutlsdescription
osv-coords44 versions
pkg:apk/chainguard/gnutls pkg:apk/chainguard/gnutls-c++pkg:apk/chainguard/gnutls-c%2B%2B pkg:apk/chainguard/gnutls-dev pkg:apk/chainguard/gnutls-doc pkg:apk/chainguard/gnutls-utils pkg:apk/wolfi/gnutls pkg:apk/wolfi/gnutls-c++pkg:apk/wolfi/gnutls-c%2B%2B pkg:apk/wolfi/gnutls-dev pkg:apk/wolfi/gnutls-doc pkg:apk/wolfi/gnutls-utils pkg:rpm/almalinux/gnutls pkg:rpm/almalinux/gnutls-c%2B%2B pkg:rpm/almalinux/gnutls-dane pkg:rpm/almalinux/gnutls-devel pkg:rpm/almalinux/gnutls-utils pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweed pkg:rpm/suse/gnutls&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/gnutls&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Proxy%204.1 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Server%204.1
< 0+ 43 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.7.6-12.el9_0
- (no CPE)range: < 3.7.6-12.el9_0
- (no CPE)range: < 3.7.6-12.el9_0
- (no CPE)range: < 3.7.6-12.el9_0
- (no CPE)range: < 3.7.6-12.el9_0
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.7.3-150400.4.10.1
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.7.7-1.1
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.7.3-150400.4.10.1
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150000.6.45.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2
- (no CPE)range: < 3.6.7-150200.14.19.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/mitrevendor-advisoryx_refsource_FEDORA
www.debian.org/security/2022/dsa-5203mitrevendor-advisoryx_refsource_DEBIAN
access.redhat.com/security/cve/CVE-2022-2509mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2022/08/msg00002.htmlmitremailing-listx_refsource_MLIST
lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000