FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- double free vulnerability

Affected packages
3.6.0 <= gnutls < 3.7.7

Details

VuXML ID: 1cd0c17a-17c0-11ed-91a5-080027f5fec9
Discovery: 2022-07-07
Entry: 2022-08-09

The GnuTLS project reports:

When gnutls_pkcs7_verify cannot verify signature against given trust list, it starts creating a chain of certificates starting from identified signer up to known root. During the creation of this chain the signer certificate gets freed which results in double free when the same signer certificate is freed at the end of the algorithm.

References

CVE Name: CVE-2022-2509
URL: https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
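
To check a host against the affected range listed above, the following added example (not part of the VuXML entry or of the GnuTLS project) tests a version string against 3.6.0 <= gnutls < 3.7.7. The function names are illustrative, and it assumes purely numeric dotted versions with an optional FreeBSD port revision (_N) or epoch (,N) suffix.

```shell
#!/bin/sh
# Added example. Range copied from the advisory: 3.6.0 <= gnutls < 3.7.7
AFFECTED_MIN="3.6.0"   # inclusive lower bound
AFFECTED_MAX="3.7.7"   # exclusive upper bound (first fixed release)

# ver_cmp A B -> prints lt, eq or gt for dotted numeric versions.
# (hypothetical helper; not a pkg(8) or GnuTLS function)
ver_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}      # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
        if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
    done
    echo eq
}

# gnutls_affected VERSION -> 0 affected, 1 not affected, 2 unparsable
gnutls_affected() {
    v=${1%%,*}                    # drop port epoch (",N")
    v=${v%%_*}                    # drop port revision ("_N")
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    [ "$(ver_cmp "$v" "$AFFECTED_MIN")" = lt ] && return 1
    [ "$(ver_cmp "$v" "$AFFECTED_MAX")" = lt ] && return 0
    return 1
}

# When run with an argument, report on that version string.
if [ "$#" -gt 0 ]; then
    rc=0; gnutls_affected "$1" || rc=$?
    case $rc in
        0) echo "gnutls $1: in affected range (CVE-2022-2509)" ;;
        1) echo "gnutls $1: outside affected range" ;;
        *) echo "gnutls $1: version not understood" >&2 ;;
    esac
fi
```

On FreeBSD the installed version can be obtained with pkg query %v gnutls, and pkg audit performs the same comparison against the full VuXML database.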