The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-03-26 11:30
Updated : 2017-09-18 18:30
NVD link : CVE-2010-0731
Mitre link : CVE-2010-0731
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
gnu
- gnutls