CVE-2016-7444 (severity: low). SUSE lists 29 source package names (gnutls-3.2.15-16.1, gnutls-3.3.26-9.el7, …) and 76 product×package rows across 20 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12 SP1, …); all 76 rows are marked Fixed.
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.