A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Affected configurations

NVD

Node

gnugnutlsRange<3.7.7

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

fedoraprojectfedoraMatch35

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

References

access.redhat.com/security/cve/CVE-2022-2509

lists.debian.org/debian-lts-announce/2022/08/msg00002.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/

lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html

www.debian.org/security/2022/dsa-5203

nessus 28

suse 3

altlinux 2

openvas 22

cvelist 1

oraclelinux 2

ibm 8

slackware 1

ubuntucve 1

osv 8

redhatcve 1

debiancve 1

veracode 1

fedora 2

prion 1

almalinux 2

cbl_mariner 2

debian 2

freebsd 1

mageia 1

redhat 26

cve 1

rocky 2

cloudfoundry 1

ubuntu 1

rosalinux 1

photon 3

oracle 1

ics 1

avleonov 1

nessus

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2022:2882-1)

2022-08-25 00:00:00

AlmaLinux 9 : gnutls and nettle (ALSA-2022:6854)

2022-11-16 00:00:00

RHEL 8 : gnutls (RHSA-2022:7105)

2022-10-25 00:00:00

suse

Security update for gnutls (important)

2022-08-26 00:00:00

Security update for gnutls (important)

2022-09-01 00:00:00

Security update for gnutls (important)

2022-08-24 00:00:00

altlinux

Security fix for the ALT Linux 9 package gnutls30 version 3.6.16-alt2

2022-08-11 00:00:00

Security fix for the ALT Linux 10 package gnutls30 version 3.6.16-alt2

2022-08-05 00:00:00

openvas

Fedora: Security Advisory for gnutls (FEDORA-2022-0156c442d0)

2022-08-01 00:00:00

Fedora: Security Advisory for gnutls (FEDORA-2022-5470992bfc)

2022-08-15 00:00:00

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2022-2461)

2022-10-10 00:00:00

cvelist

CVE-2022-2509

2022-08-01 14:01:10

oraclelinux

gnutls and nettle security, bug fix, and enhancement update

2022-10-11 00:00:00

gnutls security update

2022-10-26 00:00:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GnuTLS (CVE-2022-2509)

2023-03-31 16:53:05

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

2022-12-15 17:59:22

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS

2022-11-30 08:48:28

slackware

[slackware-security] gnutls

2022-07-29 20:03:24

ubuntucve

CVE-2022-2509

2022-08-01 00:00:00

osv

CVE-2022-2509

2022-08-01 14:15:09

Moderate: gnutls and nettle security, bug fix, and enhancement update

2022-10-11 07:10:20

Moderate: gnutls and nettle security, bug fix, and enhancement update

2022-10-11 00:00:00

redhatcve

CVE-2022-2509

2022-07-29 09:41:56

debiancve

CVE-2022-2509

2022-08-01 14:15:09

veracode

Denial Of Service (DoS)

2022-08-03 10:34:13

fedora

[SECURITY] Fedora 35 Update: gnutls-3.7.7-1.fc35

2022-08-14 03:01:33

[SECURITY] Fedora 36 Update: gnutls-3.7.7-1.fc36

2022-07-31 01:38:42

prion

Double free

2022-08-01 14:15:00

almalinux

Moderate: gnutls security update

2022-10-25 00:00:00

Moderate: gnutls and nettle security, bug fix, and enhancement update

2022-10-11 00:00:00

cbl_mariner

CVE-2022-2509 affecting package gnutls 3.6.14-7

2022-12-27 17:55:44

CVE-2022-2509 affecting package gnutls for versions less than 3.7.7-1

2022-08-31 06:17:56

debian

[SECURITY] [DSA 5203-1] gnutls28 security update

2022-08-08 19:26:09

[SECURITY] [DLA 3070-1] gnutls28 security update

2022-08-11 10:53:57

freebsd

gnutls -- double free vulnerability

2022-07-07 00:00:00

mageia

Updated gnutls packages fix security vulnerability

2022-08-26 00:21:07

redhat

(RHSA-2022:6854) Moderate: gnutls and nettle security, bug fix, and enhancement update

2022-10-11 07:10:20

(RHSA-2022:7105) Moderate: gnutls security update

2022-10-25 07:22:40

(RHSA-2022:7407) Moderate: Service Binding Operator 1.3.1 security update

2022-11-03 13:07:58

cve

CVE-2022-2509

2022-08-01 14:15:09

rocky

gnutls security update

2022-10-25 07:22:40

gnutls and nettle security, bug fix, and enhancement update

2022-10-11 07:10:20

cloudfoundry

USN-5550-1: GnuTLS vulnerabilities | Cloud Foundry

2022-08-25 00:00:00

ubuntu

GnuTLS vulnerabilities

2022-08-04 00:00:00

rosalinux

Advisory ROSA-SA-2023-2298

2023-11-21 12:51:04

photon

Important Photon OS Security Update - PHSA-2022-0232

2022-08-18 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0232

2022-08-18 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0445

2022-09-05 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for NVD:CVE-2022-2509

nessus28 suse3 altlinux2 openvas22 cvelist1 oraclelinux2 ibm8 slackware1 ubuntucve1 osv8 redhatcve1 debiancve1 veracode1 fedora2 prion1 almalinux2 cbl_mariner2 debian2 freebsd1 mageia1 redhat26 cve1 rocky2 cloudfoundry1 ubuntu1 rosalinux1 photon3 oracle1 ics1 avleonov1