CVE-2015-6251
gnutls28 - security update
EPSS 6.7%
Description
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
How to fix CVE-2015-6251
To remediate CVE-2015-6251, upgrade the affected package to a fixed version below.
- Debian/gnutls28—upgrade to 3.3.17-1 or later
- Debian/gnutls28—upgrade to 3.3.8-6+deb8u2 or later
Is CVE-2015-6251 being exploited?
Moderate — EPSS is 6.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 3.3.17-1
- from 0, < 3.3.8-6+deb8u2