git: 7ef67e16cdca - main - security/vuxml: Document double free vulnerability in GnuTLS
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 09 Aug 2022 09:08:08 UTC
The branch main has been updated by yasu:
URL: https://cgit.FreeBSD.org/ports/commit/?id=7ef67e16cdcac38016b3d4ba7e78341e3713ef2a
commit 7ef67e16cdcac38016b3d4ba7e78341e3713ef2a
Author: Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2022-08-09 09:01:30 +0000
Commit: Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2022-08-09 09:07:27 +0000
security/vuxml: Document double free vulnerability in GnuTLS
---
security/vuxml/vuln-2022.xml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index ab4901131e2d..73ba3098a9ea 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,37 @@
+ <vuln vid="1cd0c17a-17c0-11ed-91a5-080027f5fec9">
+ <topic>gnutls -- double free vulnerability</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><ge>3.6.0</ge><lt>3.7.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The GnuTLS project reports:</p>
+ <blockquote cite="https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07">
+ <p>
+ When gnutls_pkcs7_verify cannot verify signature against
+ given trust list, it starts creating a chain of
+ certificates starting from identified signer up to known
+ root. During the creation of this chain the signer
+ certificate gets freed which results in double free when
+ the same signer certificate is freed at the end of the
+ algorithm.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-2509</cvename>
+ <url>https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07</url>
+ </references>
+ <dates>
+ <discovery>2022-07-07</discovery>
+ <entry>2022-08-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9b9a5f6e-1755-11ed-adef-589cfc01894a">
<topic>wolfssl -- multiple issues</topic>
<affects>