Vulnerability Name: CVE-2017-7507 (CCN-128676)

Assigned: 2017-06-07
Published: 2017-06-07
Updated: 2018-01-05
Summary: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2017-7507

Source: DEBIAN
Type: UNKNOWN
DSA-3884

Source: CCN
Type: IBM Security Bulletin T1025769 (PowerKVM)
Vulnerabilities in GnuTLS affect PowerKVM

Source: CCN
Type: IBM Security Bulletin N1022302 (Server Firmware, HMC and SDMC)
Vulnerabilities in GnuTLS affect Power Hardware Management Console

Source: CCN
Type: IBM Security Bulletin 2012330 (Security Access Manager)
IBM Security Access Manager Appliance is affected by GnuTLS vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
99102

Source: CCN
Type: BID-99102
GnuTLS CVE-2017-7507 NULL Pointer Dereference Denial of Service Vulnerability

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2292

Source: XF
Type: UNKNOWN
gnutls-cve20177507-dos(128676)

Source: CCN
Type: GnuTLS Web site
The GnuTLS Transport Layer Security Library

Source: CCN
Type: GNUTLS-SA-2017-4
Crash

Source: CONFIRM
Type: Vendor Advisory
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-7507

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnu:gnutls:*:*:*:*:*:*:*:* (Version <= 3.5.12)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:gnutls:3.5.13:*:*:*:*:*:*:*
  AND
  • cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:security_access_manager_firmware:9.0.3.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20177507 | V | CVE-2017-7507 | 2022-05-20 |
| oval:org.opensuse.security:def:42184 | P | Security update for containerd, docker (Important) | 2022-05-16 |
| oval:org.opensuse.security:def:42286 | P | Security update for containerd, docker (Important) | 2022-05-16 |
| oval:org.opensuse.security:def:58066 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-12-14 |
| oval:org.opensuse.security:def:20530 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP5) (Important) | 2021-10-14 |
| oval:org.opensuse.security:def:20518 | P | Security update for the Linux Kernel (Important) | 2021-09-23 |
| oval:org.opensuse.security:def:38801 | P | Security update for curl (Moderate) | 2021-09-23 |
| oval:org.opensuse.security:def:57501 | P | Security update for file (Important) | 2021-09-02 |
| oval:org.opensuse.security:def:57087 | P | Security update for file (Important) | 2021-09-02 |
| oval:org.opensuse.security:def:42115 | P | Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) | 2021-08-23 |
| oval:org.opensuse.security:def:14476 | P | dovecot22-2.2.31-19.11.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14641 | P | libpcre1-32bit-8.39-8.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14820 | P | PackageKit-1.1.3-24.9.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14546 | P | libMagickCore-6_Q16-1-6.8.8.1-71.85.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14735 | P | perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14442 | P | automake-1.13.4-6.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14836 | P | audiofile-0.3.6-11.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14597 | P | libhogweed2-2.7.1-12.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14762 | P | ruby-2.1-1.4 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14450 | P | bzip2-1.0.6-29.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14617 | P | libltdl7-2.4.2-17.4.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14809 | P | xscreensaver-5.22-7.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:56051 | P | Security update for libsndfile (Critical) | 2021-08-05 |
| oval:org.opensuse.security:def:20277 | P | Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP4) (Important) | 2021-07-15 |
| oval:org.opensuse.security:def:20460 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important) | 2021-06-18 |
| oval:org.opensuse.security:def:42526 | P | enscript-1.6.4-152.22.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11886 | P | libgcrypt20-1.6.1-16.33.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12042 | P | xf86-video-intel-2.99.917.641_ge4ef6e9-12.3 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:17165 | P | gd-32bit-2.1.0-23.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42578 | P | libFLAC++6-1.2.1-68.17.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11810 | P | gd-2.1.0-12.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12131 | P | grub2-2.02-2.12 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11933 | P | libqt4-32bit-4.8.6-7.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12067 | P | avahi-0.6.32-30.36 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:16992 | P | ImageMagick-6.8.8.1-5.21 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:17201 | P | libreoffice-5.2.5.1-42.13 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42623 | P | libsamplerate-0.1.4-1.15 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12769 | P | conntrack-tools-1.4.2-5.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11818 | P | gnome-keyring-3.20.0-27.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11948 | P | libssh4-0.6.3-11.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:17077 | P | libssh4-0.6.3-8.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42652 | P | mozilla-xulrunner192-1.9.2.27-0.2.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12109 | P | finch-2.12.0-1.33 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12791 | P | ctdb-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15474 | P | perl-5.18.2-11.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11840 | P | java-1_8_0-openjdk-1.8.0.101-14.3 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:11967 | P | libzmq3-4.0.4-6.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:17134 | P | libssh4-0.6.3-11.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42703 | P | squidGuard-1.4-13.6.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:12118 | P | gegl-0_2-0.2.0-14.3 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15497 | P | rsync-3.1.0-12.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:38110 | P | Security update for cups (Important) | 2021-04-30 |
| oval:org.opensuse.security:def:20427 | P | Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important) | 2021-04-28 |
| oval:org.opensuse.security:def:38331 | P | Security update for tomcat6 (Important) | 2021-04-21 |
| oval:org.opensuse.security:def:39642 | P | Security update for xorg-x11-server (Important) | 2021-04-13 |
| oval:org.opensuse.security:def:20243 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP4) (Important) | 2021-04-07 |
| oval:org.opensuse.security:def:38434 | P | Security update for salt (Critical) | 2021-02-26 |
| oval:org.opensuse.security:def:38742 | P | Security update for bind (Important) | 2021-02-18 |
| oval:org.opensuse.security:def:20554 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important) | 2021-02-10 |
| oval:org.opensuse.security:def:20315 | P | Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP4) (Important) | 2021-02-10 |
| oval:org.opensuse.security:def:54775 | P | Security update for MozillaFirefox (Important) | 2021-01-12 |
| oval:org.opensuse.security:def:56921 | P | Security update for MozillaFirefox (Critical) | 2020-12-21 |
| oval:org.opensuse.security:def:54694 | P | Security update for spice (Important) | 2020-12-16 |
| oval:org.opensuse.security:def:16958 | P | python3-urllib3-1.22-3.17.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:17311 | P | dia-0.97.3-15.63 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:16950 | P | polkit-devel-0.113-5.18.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:42006 | P | libpython2_6-1_0-2.6.0-8.9.20 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:42462 | P | wget-1.11.4-1.15.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:17343 | P | libgstfft-1_0-0-32bit-1.8.3-13.3.2 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:41751 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:18072 | P | Security update for gstreamer-plugins-bad (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:20056 | P | Security update for the Linux Kernel (Live Patch 28 for SLE 12) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:57326 | P | Security update for Mozilla Firefox | 2020-12-01 |
| oval:org.opensuse.security:def:38889 | P | colord on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:43341 | P | Security update for libass (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56920 | P | Security update for cups (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58466 | P | Security update for openvpn (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:53652 | P | Security update for python-ipaddress (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:54382 | P | squashfs on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38194 | P | giflib-progs on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38582 | P | dracut on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41762 | P | Security update for mpfr (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:17400 | P | Security update for ipmitool (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:18098 | P | Security update for gnutls (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:58176 | P | Security update for python-Twisted (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:21192 | P | Security update for sudo (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:53251 | P | Recommended update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38917 | P | libproxy1-networkmanager-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:43386 | P | Security update for gnutls (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:20064 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58269 | P | Security update for python-PyYAML (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58416 | P | Security update for git (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:53252 | P | Security update for dovecot23 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:53825 | P | Security update for MozillaThunderbird (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:54490 | P | gtk2-data on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41854 | P | Security update for postgresql93 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:17412 | P | Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56943 | P | Security update for hostinfo, supportutils (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:57610 | P | Security update for libvdpau (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:21218 | P | Security update for gnutls (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:54582 | P | libotr5 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38098 | P | xf86-video-intel on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38962 | P | libdirectfb-1_7-1-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:20099 | P | Security update for postgresql94 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58345 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58491 | P | Security update for gnutls (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:53274 | P | Security update for apache2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:53931 | P | bogofilter on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38099 | P | xfsprogs on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:17434 | P | Security update for xrdp (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:57780 | P | libXxf86vm1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:54656 | P | pigz on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56125 | P | Security update for gnutls (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38850 | P | gimp on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39600 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:41750 | P | Security update for libsndfile (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:20185 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:58383 | P | Security update for dnsmasq (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:53414 | P | Security update for tomcat (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:54097 | P | perl-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38492 | P | sysconfig on GA media (Moderate) | 2020-12-01 |
| oval:com.redhat.rhsa:def:20172292 | P | RHSA-2017:2292: gnutls security, bug fix, and enhancement update (Moderate) | 2017-08-01 |
| oval:org.opensuse.security:def:81201 | P | Security update for gnutls (Moderate) | 2017-07-11 |
| oval:org.opensuse.security:def:78759 | P | Security update for gnutls (Moderate) | 2017-07-11 |
| oval:com.ubuntu.cosmic:def:201775070000000 | V | CVE-2017-7507 on Ubuntu 18.10 (cosmic) - medium. | 2017-06-16 |
| oval:com.ubuntu.trusty:def:20177507000 | V | CVE-2017-7507 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-06-16 |
| oval:com.ubuntu.bionic:def:201775070000000 | V | CVE-2017-7507 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-06-16 |
| oval:com.ubuntu.artful:def:20177507000 | V | CVE-2017-7507 on Ubuntu 17.10 (artful) - medium. | 2017-06-16 |
| oval:com.ubuntu.xenial:def:20177507000 | V | CVE-2017-7507 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-06-16 |
| oval:com.ubuntu.xenial:def:201775070000000 | V | CVE-2017-7507 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-06-16 |
| oval:com.ubuntu.bionic:def:20177507000 | V | CVE-2017-7507 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-06-16 |
| oval:com.ubuntu.disco:def:201775070000000 | V | CVE-2017-7507 on Ubuntu 19.04 (disco) - medium. | 2017-06-16 |
| oval:com.ubuntu.cosmic:def:20177507000 | V | CVE-2017-7507 on Ubuntu 18.10 (cosmic) - medium. | 2017-06-16 |

    gnu gnutls *
    gnu gnutls 3.5.13
    ibm powerkvm 2.1
    ibm powerkvm 3.1
    ibm security access manager firmware 9.0.3
    ibm security access manager firmware 9.0.3.1