Vulnerability CVE-2022-2509: Information
Description
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| gnutls30 | sisyphus | 3.7.7-alt1 | 3.8.4-alt1 | ALT-PU-2022-2336-1 | 304668 | Fixed |
| gnutls30 | sisyphus_e2k | 3.7.7-alt1 | 3.8.4-alt1 | ALT-PU-2022-5762-1 | - | Fixed |
| gnutls30 | sisyphus_riscv64 | 3.7.7-alt1 | 3.8.4-alt1 | ALT-PU-2022-5682-1 | - | Fixed |
| gnutls30 | p10 | 3.6.16-alt2 | 3.6.16-alt6 | ALT-PU-2022-2352-1 | 304672 | Fixed |
| gnutls30 | p10_e2k | 3.6.16-alt2 | 3.6.16-alt6 | ALT-PU-2022-5702-1 | - | Fixed |
| gnutls30 | p9 | 3.6.16-alt2 | 3.6.16-alt6 | ALT-PU-2022-2422-1 | 304673 | Fixed |
| gnutls30 | p9_e2k | 3.6.16-alt2 | 3.6.16-alt3 | ALT-PU-2022-6120-1 | - | Fixed |
| gnutls30 | c10f1 | 3.6.16-alt2 | 3.6.16-alt6 | ALT-PU-2022-2352-1 | 304672 | Fixed |
| gnutls30 | c9f2 | 3.6.16-alt3 | 3.6.16-alt5 | ALT-PU-2023-1356-1 | 315633 | Fixed |
| gnutls30 | p11 | 3.7.7-alt1 | 3.8.4-alt1 | ALT-PU-2022-2336-1 | 304668 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://access.redhat.com/security/cve/CVE-2022-2509 |
|
| https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html |
|
| DSA-5203 |
|
| [debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update |
|
| FEDORA-2022-5470992bfc |