CVE-2022-2509

Name
CVE-2022-2509
Description
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://access.redhat.com/security/cve/CVE-2022-2509
MISC https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
DEBIAN https://www.debian.org/security/2022/dsa-5203
Mailing List https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* gnutls >= None < 3.7.7

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gnutls 3.13-main 3.7.1-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.15-main 3.7.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.14-main 3.7.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed