SSL: GnuTLS Proxy Certificate Information Extension Memory Corruption
A memory corruption vulnerability has been reported in the GnuTLS library. Successful exploitation could result in arbitrary code execution in the context of the target application.
Extended Description
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
Affected Products
Gnu gnutls
References
CVE: CVE-2017-5334
Short Name
SSL:GNTUTLS-PROXY-MEM-COR
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
CVE-2017-5334 Certificate Corruption Extension GnuTLS Information Memory Proxy
Release Date
04/06/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Opensuse
Gnu
CVSS Score
7.5