CVE-2017-5337
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-5337
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5337.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-5337
- Downstream
- Related
- Published
- 2017-03-24T15:59:00Z
- Modified
- 2025-10-26T12:00:47.355006Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2017-0574.html
- http://www.openwall.com/lists/oss-security/2017/01/10/7
- http://www.openwall.com/lists/oss-security/2017/01/11/4
- http://www.securityfocus.com/bid/95372
- http://www.securitytracker.com/id/1037576
- https://access.redhat.com/errata/RHSA-2017:2292
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
- https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
- https://gnutls.org/security.html#GNUTLS-SA-2017-2
- https://security.gentoo.org/glsa/201702-04
Affected packages
Git / github.com/gnutls/gnutls
Git / gitlab.com/gnutls/gnutls
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/gnutls/gnutls
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
gnutls-0-0-7
gnutls-0-1-0-srp
gnutls-0_1_2
gnutls-3_0_12
gnutls0-0-4
gnutls0-0-5
gnutls0-0-6
gnutls_0_1_4
gnutls_0_1_9
gnutls_0_2_0
gnutls_0_2_1
gnutls_0_2_10
gnutls_0_2_11
gnutls_0_2_2
gnutls_0_2_3
gnutls_0_2_4
gnutls_0_2_9
gnutls_0_2_90
gnutls_0_2_91
gnutls_0_3_0
gnutls_0_3_1
gnutls_0_3_2
gnutls_0_3_90
gnutls_0_3_91
gnutls_0_3_92
gnutls_0_4_0
gnutls_0_4_1
gnutls_0_4_2
gnutls_0_4_3
gnutls_0_4_with_libtasn1
gnutls_0_5_0
gnutls_0_5_1
gnutls_0_5_10
gnutls_0_5_11
gnutls_0_5_4
gnutls_0_5_5
gnutls_0_5_6
gnutls_0_5_7
gnutls_0_5_8
gnutls_0_5_9
gnutls_0_5_x_before_export_ciphersuites
gnutls_0_5_x_before_int_fixes
gnutls_0_5_x_before_types_change
gnutls_0_5_x_with_export_ciphersuites
gnutls_0_6_0
gnutls_0_8_0
gnutls_0_8_1
gnutls_0_9_1
gnutls_0_9_2
gnutls_0_9_3
gnutls_0_9_4
gnutls_0_9_5
gnutls_0_9_6
gnutls_0_9_7
gnutls_0_9_8
gnutls_0_9_90
gnutls_0_9_91
gnutls_0_9_92
gnutls_0_9_93
gnutls_0_9_94
gnutls_0_9_95
gnutls_0_9_96
gnutls_0_9_97
gnutls_0_9_98
gnutls_0_9_99
gnutls_1_0_0
gnutls_1_0_20
gnutls_1_0_21
gnutls_1_0_22
gnutls_1_0_23
gnutls_1_0_24
gnutls_1_0_25
gnutls_1_1_0
gnutls_1_1_1
gnutls_1_1_10
gnutls_1_1_11
gnutls_1_1_12
gnutls_1_1_13
gnutls_1_1_14
gnutls_1_1_15
gnutls_1_1_16
gnutls_1_1_17
gnutls_1_1_18
gnutls_1_1_19
gnutls_1_1_2
gnutls_1_1_20
gnutls_1_1_21
gnutls_1_1_22
gnutls_1_1_23
gnutls_1_1_3
gnutls_1_1_4
gnutls_1_1_5
gnutls_1_1_6
gnutls_1_1_7
gnutls_1_1_7_pre0
gnutls_1_1_8
gnutls_1_1_9
gnutls_1_2_0
gnutls_1_2_1
gnutls_1_2_10
gnutls_1_2_11
gnutls_1_2_2
gnutls_1_2_3
gnutls_1_2_4
gnutls_1_2_5
gnutls_1_2_6
gnutls_1_2_7
gnutls_1_2_8
gnutls_1_2_9
gnutls_1_3_0
gnutls_1_3_1
gnutls_1_3_2
gnutls_1_3_3
gnutls_1_3_4
gnutls_1_3_5
gnutls_1_4_0
gnutls_1_4_1
gnutls_1_4_2
gnutls_1_5_0
gnutls_1_5_1
gnutls_1_5_2
gnutls_1_5_3
gnutls_1_5_4
gnutls_1_5_5
gnutls_1_6_0
gnutls_1_6_1
gnutls_1_7_0
gnutls_1_7_1
gnutls_1_7_10
gnutls_1_7_11
gnutls_1_7_12
gnutls_1_7_13
gnutls_1_7_14
gnutls_1_7_15
gnutls_1_7_16
gnutls_1_7_17
gnutls_1_7_18
gnutls_1_7_19
gnutls_1_7_2
gnutls_1_7_3
gnutls_1_7_4
gnutls_1_7_5
gnutls_1_7_6
gnutls_1_7_7
gnutls_1_7_8
gnutls_1_7_9
gnutls_2_0_0
gnutls_2_0_1
gnutls_2_11_3
gnutls_2_11_4
gnutls_2_11_5
gnutls_2_11_6
gnutls_2_1_0
gnutls_2_1_1
gnutls_2_1_2
gnutls_2_1_3
gnutls_2_1_4
gnutls_2_1_5
gnutls_2_1_6
gnutls_2_1_7
gnutls_2_1_8
gnutls_2_3_0
gnutls_2_3_1
gnutls_2_3_10
gnutls_2_3_11
gnutls_2_3_12
gnutls_2_3_13
gnutls_2_3_14
gnutls_2_3_15
gnutls_2_3_2
gnutls_2_3_3
gnutls_2_3_4
gnutls_2_3_4_netconf_0
gnutls_2_3_4_netconf_1
gnutls_2_3_4_netconf_2
gnutls_2_3_5
gnutls_2_3_6
gnutls_2_3_7
gnutls_2_3_8
gnutls_2_3_9
gnutls_2_4_0
gnutls_2_5_0
gnutls_2_5_1
gnutls_2_5_2
gnutls_2_5_3
gnutls_2_5_4
gnutls_2_5_5
gnutls_2_5_6
gnutls_2_5_7
gnutls_2_5_8
gnutls_2_5_9
gnutls_2_7_0
gnutls_2_7_1
gnutls_2_7_10
gnutls_2_7_11
gnutls_2_7_12
gnutls_2_7_13
gnutls_2_7_14
gnutls_2_7_2
gnutls_2_7_3
gnutls_2_7_4
gnutls_2_7_5
gnutls_2_7_6
gnutls_2_7_7
gnutls_2_7_8
gnutls_2_7_9
gnutls_2_8_0
gnutls_2_99_0
gnutls_2_99_1
gnutls_2_99_2
gnutls_2_99_3
gnutls_2_99_4
gnutls_2_9_0
gnutls_2_9_1
gnutls_2_9_10
gnutls_2_9_2
gnutls_2_9_3
gnutls_2_9_4
gnutls_2_9_5
gnutls_2_9_6
gnutls_2_9_7
gnutls_2_9_8
gnutls_2_9_9
gnutls_3_0_0
gnutls_3_0_10
gnutls_3_0_11
gnutls_3_0_13
gnutls_3_0_14
gnutls_3_0_15
gnutls_3_0_16
gnutls_3_0_17
gnutls_3_0_18
gnutls_3_0_2
gnutls_3_0_21
gnutls_3_0_3
gnutls_3_0_4
gnutls_3_0_5
gnutls_3_0_6
gnutls_3_0_7
gnutls_3_0_8
gnutls_3_0_9
gnutls_3_1_0
gnutls_3_1_0pre0
gnutls_3_1_2
gnutls_3_1_3
gnutls_3_1_4
gnutls_3_1_5
gnutls_3_1_6
gnutls_3_1_7
gnutls_3_1_8
gnutls_3_1_9
gnutls_3_2_0
gnutls_3_2_2
gnutls_3_2_3
gnutls_3_2_3pre0
gnutls_3_2_4
gnutls_3_2_5
gnutls_3_2_6
gnutls_3_3_0
gnutls_3_3_1
gnutls_3_3_2
gnutls_3_3_3
gnutls_3_3_4
gnutls_3_3_5
gnutls_3_3_6
gnutls_3_4_0
gnutls_3_4_1
gnutls_3_4_2
gnutls_3_4_3
gnutls_3_5_0
gnutls_3_5_1
gnutls_3_5_2
gnutls_3_5_3
gnutls_3_5_4
gnutls_3_5_5
gnutls_3_5_7
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "34316826050325807286257102503133027334",
"length": 1221.0
},
"signature_type": "Function",
"target": {
"function": "read_attribute",
"file": "lib/opencdk/read-packet.c"
},
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@94fcf1645ea17223237aaf8d19132e004afddc1a",
"signature_version": "v1",
"id": "CVE-2017-5337-17caa5a1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"155854010347857455929637180497948167649",
"129826789405367421266673420226055203432",
"85619286324533141014977893827304376546",
"43460310134364866870336876598770311694",
"103696513081154491635951662116019124472",
"36562559203923717243070322186774955885",
"104803504453980401914426414084749863029",
"263668351692199783737246135007796435838",
"233518112391343654507650639339066015488",
"224908140920710801821669837437840641513",
"123325277111586797667413770654112908445",
"142808787265784835326519161014312124161",
"205270665860039296394282494908470876592",
"217798603298426714915125044238156905403",
"54585905776301594915369957147639303497",
"312608799009702900848524824449325619157",
"131908739653057702324864006699870620055",
"100904059689255290252073749712219041178",
"261027178440775222684962619189307445458",
"172846092304523496738584916977883367388",
"329946323999842406853121444995955007998",
"155765693883445006227153407311359077193",
"286138277281671229534890957030444519072",
"219630002001039515136696635413466307476",
"71417650207818203308056053528499458743",
"274357801457805551029378982574274880769",
"91555177254400981999589871323277743395",
"187894839585079895863654723688686775397",
"317388249487147175905803090669749166997",
"92482746881640266734323517228148780129",
"82712562824336227400401060452140644989",
"154984291061868285071029139344859519064",
"273332125035542316030059607738078609700",
"246248504322481078017806571502797101131",
"334034405076537999037516634451095565180",
"308572316954035808055712414512381330742",
"286445900054720561907490305293670518518",
"295257275005228754391686652687262666635",
"266675769579695579387374957192776015877",
"211438260322472824424898828293262899350",
"85535847345663056570588441446946122063"
]
},
"signature_type": "Line",
"target": {
"file": "lib/opencdk/read-packet.c"
},
"deprecated": false,
"source": "https://gitlab.com/gnutls/gnutls@94fcf1645ea17223237aaf8d19132e004afddc1a",
"signature_version": "v1",
"id": "CVE-2017-5337-2d2b89e8"
}
]