gnutls: use-after-free flaw (CVE-2015-3308)
A use-after-free flaw was found in the way GnuTLS parsed CRL distribution points. A specially crafted certificate could cause an application using GnuTLS to crash.
The affected function, gnutls_x509_ext_import_crl_dist_points(), was introduced in GnuTLS version 3.3.0. Fixed in 3.3.14.
References:
http://seclists.org/oss-sec/2015/q2/174
CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1212459
CONFIRM:
https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
CONFIRM:
https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
(from redmine: issue id 4199, created on 2015-05-18, closed on 2015-05-22)
- Relations:
- child #4200 (closed)
- child #4201 (closed)