Unknown
CVE-2010-0731
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- gnu
Products
- gnutls,
- gnutls 1.0.16,
- gnutls 1.0.17,
- gnutls 1.0.18,
- gnutls 1.0.19,
- gnutls 1.0.20,
- gnutls 1.0.21,
- gnutls 1.0.22,
- gnutls 1.0.23,
- gnutls 1.0.24,
- gnutls 1.0.25,
- gnutls 1.1.13,
- gnutls 1.1.14,
- gnutls 1.1.15,
- gnutls 1.1.16,
- gnutls 1.1.17,
- gnutls 1.1.18,
- gnutls 1.1.19,
- gnutls 1.1.20,
- gnutls 1.1.21,
- gnutls 1.1.22,
- gnutls 1.1.23
References
Advisory
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
