The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
Published 2010-03-26 18:30:00
Updated 2017-09-19 01:30:29
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2010-0731

Probability of exploitation activity in the next 30 days: 3.94%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0731

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

CWE ids for CVE-2010-0731

References for CVE-2010-0731

Products affected by CVE-2010-0731

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!