CVE-2010-0731

Severity: Unknown | EPSS 2.94%

Last modified

CVE-2010-0731 is a vulnerability of currently unknown severity. The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. EPSS estimates a 2.94% chance of exploitation in the next 30 days.

Description

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.

Metrics

EPSS Probability: 2.94% (85.4th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product  Versions
Gnu     Gnutls   <= 1.2.0
Gnu     Gnutls   1.0.16
Gnu     Gnutls   1.0.17
Gnu     Gnutls   1.0.18
Gnu     Gnutls   1.0.19
Gnu     Gnutls   1.0.20
Gnu     Gnutls   1.0.21
Gnu     Gnutls   1.0.22
Gnu     Gnutls   1.0.23
Gnu     Gnutls   1.0.24
Gnu     Gnutls   1.0.25
Gnu     Gnutls   1.1.13
Gnu     Gnutls   1.1.14
Gnu     Gnutls   1.1.15
Gnu     Gnutls   1.1.16
Gnu     Gnutls   1.1.17
Gnu     Gnutls   1.1.18
Gnu     Gnutls   1.1.19
Gnu     Gnutls   1.1.20
Gnu     Gnutls   1.1.21
Gnu     Gnutls   1.1.22
Gnu     Gnutls   1.1.23

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2010-0731?
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
How severe is CVE-2010-0731?
Severity scoring for CVE-2010-0731 is pending analysis. The EPSS model estimates a 2.94% probability of exploitation in the next 30 days.
How do I fix CVE-2010-0731?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST