Denial Of Service (DoS)

2024-04-1102:00:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gnutls vulnerability dos resource consumption certtool crash

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

gnutls is vulnerable to Denial of Service(DoS). The vulnerability is due to excessive resource consumption caused by the “certtool --verify-chain” command when verifying a specially crafted .pem bundle, leading to an application crash.

CPENameOperatorVersion
gnutls:3.18eq3.8.0-r2
gnutls:3.18eq3.8.3-r0
gnutls:3.19eq3.8.3-r0
gnutls:3.19eq3.8.1-r0
gnutls:edgeeq3.8.0-r1
gnutls:edgeeq3.7.5-r0
gnutls:edgeeq3.7.1-r0
gnutls:edgeeq3.7.0-r0
gnutls:edgeeq3.8.0-r2
gnutls:edgeeq3.7.4-r0

Name	Operator	Version
gnutls:3.18	eq	3.8.0-r2
gnutls:3.18	eq	3.8.3-r0
gnutls:3.19	eq	3.8.3-r0
gnutls:3.19	eq	3.8.1-r0
gnutls:edge	eq	3.8.0-r1
gnutls:edge	eq	3.7.5-r0
gnutls:edge	eq	3.7.1-r0
gnutls:edge	eq	3.7.0-r0
gnutls:edge	eq	3.8.0-r2
gnutls:edge	eq	3.7.4-r0