suse · CVE-2017-5335

Quick triage

Priority: medium Published: 2021-05-30 13:52:07 UTC Updated: 2025-03-25 01:00:57 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-5335 severity moderate: SUSE including 40 source package names (gnutls, gnutls-2.4.1-24.39.67.1, …), 101 product×package rows across 27 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12 SP1, … (27 product lines)): Fixed 97, Known Not Affected 4.

Description:

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

cvelogic Threat Intelligence