CVE-2010-0731

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
gnugnutls
𝑥
≤ 1.2.0
gnugnutls
1.0.16
gnugnutls
1.0.17
gnugnutls
1.0.18
gnugnutls
1.0.19
gnugnutls
1.0.20
gnugnutls
1.0.21
gnugnutls
1.0.22
gnugnutls
1.0.23
gnugnutls
1.0.24
gnugnutls
1.0.25
gnugnutls
1.1.13
gnugnutls
1.1.14
gnugnutls
1.1.15
gnugnutls
1.1.16
gnugnutls
1.1.17
gnugnutls
1.1.18
gnugnutls
1.1.19
gnugnutls
1.1.20
gnugnutls
1.1.21
gnugnutls
1.1.22
gnugnutls
1.1.23
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls11
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
ignored
gnutls12
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
not-affected
gnutls13
karmic
dne
jaunty
dne
intrepid
dne
hardy
not-affected
dapper
dne
gnutls26
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
dne
dapper
dne