Nixpkgs security tracker
Untriaged
Permalink
CVE-2024-28835
5.0 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Gnutls: potential crash during chain building/verification
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
References
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/03/22/1 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/03/22/2 x_transferred
Affected products
gnutls
- ==3.8.4
- *
- ==3.8.3
Matching in nixpkgs
pkgs.gnutls
GNU Transport Layer Security Library
pkgs.guile-gnutls
Guile bindings for GnuTLS library
pkgs.python311Packages.python3-gnutls
Python wrapper for the GnuTLS library
-
nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
pkgs.python312Packages.python3-gnutls
Python wrapper for the GnuTLS library
-
nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
pkgs.python313Packages.python3-gnutls
Python wrapper for the GnuTLS library
Package maintainers
-
@vcunat Vladimír Čunát <v@cunat.cz>
-
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
-
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>