GnuTLS -- double free, invalid pointer access
The GnuTLS project reports:
- Tavis Ormandy from Google Project Zero found a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
- It was found using the TLS fuzzer tools that decoding a malformed TLS 1.3 asynchronous message can cause a server crash via an invalid pointer access. The issue affects GnuTLS server applications since 3.6.4.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright