CVE-2022-2509

CVE-2022-2509

Name

CVE-2022-2509

Description

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://access.redhat.com/security/cve/CVE-2022-2509
MISC	https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
DEBIAN	https://www.debian.org/security/2022/dsa-5203
Mailing List	https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/

Type

URI

MISC

https://access.redhat.com/security/cve/CVE-2022-2509

MISC

https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html

DEBIAN

https://www.debian.org/security/2022/dsa-5203

Mailing List

https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:gnutls::::::::`	gnutls	>= None	< 3.7.7

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

gnutls

>= None

< 3.7.7

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
gnutls	edge-main	3.7.7-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
gnutls	edge-main	3.7.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gnutls	edge-main	3.6.15-r0	None	possibly vulnerable
gnutls	edge-main	3.6.14-r0	None	possibly vulnerable
gnutls	edge-main	3.6.13-r0	None	possibly vulnerable
gnutls	edge-main	3.6.7-r0	None	possibly vulnerable
gnutls	edge-main	3.5.13-r0	None	possibly vulnerable
gnutls	3.22-main	3.7.7-r0	None	fixed
gnutls	3.22-main	3.7.1-r0	None	possibly vulnerable
gnutls	3.22-main	3.6.15-r0	None	possibly vulnerable
gnutls	3.22-main	3.6.14-r0	None	possibly vulnerable
gnutls	3.22-main	3.6.13-r0	None	possibly vulnerable
gnutls	3.22-main	3.6.7-r0	None	possibly vulnerable
gnutls	3.22-main	3.5.13-r0	None	possibly vulnerable
gnutls	3.21-main	3.7.7-r0	None	fixed
gnutls	3.21-main	3.7.1-r0	None	possibly vulnerable
gnutls	3.21-main	3.6.15-r0	None	possibly vulnerable
gnutls	3.21-main	3.6.14-r0	None	possibly vulnerable
gnutls	3.21-main	3.6.13-r0	None	possibly vulnerable
gnutls	3.21-main	3.6.7-r0	None	possibly vulnerable
gnutls	3.21-main	3.5.13-r0	None	possibly vulnerable
gnutls	3.20-main	3.7.7-r0	None	fixed
gnutls	3.20-main	3.7.1-r0	None	possibly vulnerable
gnutls	3.20-main	3.6.15-r0	None	possibly vulnerable
gnutls	3.20-main	3.6.14-r0	None	possibly vulnerable
gnutls	3.20-main	3.6.13-r0	None	possibly vulnerable
gnutls	3.20-main	3.6.7-r0	None	possibly vulnerable
gnutls	3.20-main	3.5.13-r0	None	possibly vulnerable
gnutls	3.19-main	3.7.7-r0	None	fixed
gnutls	3.19-main	3.7.1-r0	None	possibly vulnerable
gnutls	3.19-main	3.6.15-r0	None	possibly vulnerable
gnutls	3.19-main	3.6.14-r0	None	possibly vulnerable
gnutls	3.19-main	3.6.13-r0	None	possibly vulnerable
gnutls	3.19-main	3.6.7-r0	None	possibly vulnerable
gnutls	3.19-main	3.5.13-r0	None	possibly vulnerable
gnutls	3.18-main	3.7.7-r0	None	fixed
gnutls	3.17-main	3.7.7-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

gnutls

edge-main

3.7.7-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

gnutls

edge-main