GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.4.10-4ubuntu1.3" }, { "binary_name": "guile-gnutls", "binary_version": "3.4.10-4ubuntu1.3" }, { "binary_name": "libgnutls-dev", "binary_version": "3.4.10-4ubuntu1.3" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.4.10-4ubuntu1.3" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.4.10-4ubuntu1.3" }, { "binary_name": "libgnutls30", "binary_version": "3.4.10-4ubuntu1.3" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.4.10-4ubuntu1.3" } ], "availability": "No subscription required" }