CVE-2016-7444
Score: 7.5 (HIGH, CVSS 3.1)
EPSS: 1.4%
Description
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
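The description boils down to a length-unaware comparison: the serial number in the OCSP response's CertID is matched against the certificate's serial without first confirming that the two have the same length, so a response issued for a different certificate can be accepted as applying to the one being validated. The C program below is an added illustration of that bug class, not GnuTLS's own code; the function names and the sample serials are constructed for the example, and the exact buffer handling in lib/x509/ocsp.c is not reproduced.

```c
/*
 * Added example: the length-check bug class behind CVE-2016-7444,
 * shown as a vulnerable serial comparison beside its hardened form.
 * This is NOT GnuTLS code; names and data are constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: compares only the bytes both buffers share and never
 * checks that the response serial and the certificate serial have the same
 * length. Any response whose serial is a prefix (or an extension) of the
 * certificate serial is treated as a match. */
int serial_matches_unchecked(const uint8_t *resp_serial, size_t resp_len,
                             const uint8_t *cert_serial, size_t cert_len)
{
    size_t n = resp_len < cert_len ? resp_len : cert_len;
    return memcmp(resp_serial, cert_serial, n) == 0;
}

/* Hardened pattern: the lengths must be identical before the contents are
 * compared, and the comparison then covers the whole serial. */
int serial_matches_checked(const uint8_t *resp_serial, size_t resp_len,
                           const uint8_t *cert_serial, size_t cert_len)
{
    if (resp_len != cert_len)
        return 0;
    return memcmp(resp_serial, cert_serial, cert_len) == 0;
}

/* Constructed sample data (not real certificate serials). */
static const uint8_t CERT_SERIAL[] = { 0x01, 0xA2, 0xB3, 0xC4, 0xD5, 0xE6 };

/* Response issued for a different certificate whose serial happens to be a
 * one-byte prefix of CERT_SERIAL. */
static const uint8_t RESP_SERIAL_PREFIX[] = { 0x01 };

/* Response whose serial carries extra trailing bytes beyond CERT_SERIAL. */
static const uint8_t RESP_SERIAL_LONGER[] = { 0x01, 0xA2, 0xB3, 0xC4, 0xD5, 0xE6, 0x77 };

/* Response that genuinely names CERT_SERIAL. */
static const uint8_t RESP_SERIAL_EXACT[] = { 0x01, 0xA2, 0xB3, 0xC4, 0xD5, 0xE6 };

/* Each helper returns 1 if the named comparison accepts the named response. */
int unchecked_accepts_prefix(void)
{
    return serial_matches_unchecked(RESP_SERIAL_PREFIX, sizeof RESP_SERIAL_PREFIX,
                                    CERT_SERIAL, sizeof CERT_SERIAL);
}

int unchecked_accepts_longer(void)
{
    return serial_matches_unchecked(RESP_SERIAL_LONGER, sizeof RESP_SERIAL_LONGER,
                                    CERT_SERIAL, sizeof CERT_SERIAL);
}

int checked_accepts_prefix(void)
{
    return serial_matches_checked(RESP_SERIAL_PREFIX, sizeof RESP_SERIAL_PREFIX,
                                  CERT_SERIAL, sizeof CERT_SERIAL);
}

int checked_accepts_longer(void)
{
    return serial_matches_checked(RESP_SERIAL_LONGER, sizeof RESP_SERIAL_LONGER,
                                  CERT_SERIAL, sizeof CERT_SERIAL);
}

int checked_accepts_exact(void)
{
    return serial_matches_checked(RESP_SERIAL_EXACT, sizeof RESP_SERIAL_EXACT,
                                  CERT_SERIAL, sizeof CERT_SERIAL);
}

int main(void)
{
    printf("unchecked accepts prefix response: %d\n", unchecked_accepts_prefix());
    printf("unchecked accepts longer response: %d\n", unchecked_accepts_longer());
    printf("checked   accepts prefix response: %d\n", checked_accepts_prefix());
    printf("checked   accepts longer response: %d\n", checked_accepts_longer());
    printf("checked   accepts exact  response: %d\n", checked_accepts_exact());
    return 0;
}
```

The practical consequence is that a "good" status in a response for some other certificate from the same CA could satisfy the check for the certificate actually being validated. When reviewing similar code, look for any `memcmp` over a length taken from only one side of the comparison, or over a fixed size, and require an explicit length equality test first.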
How to fix CVE-2016-7444
To remediate CVE-2016-7444, upgrade the affected package to one of the fixed versions listed below. Upstream, the fix is in GnuTLS 3.4.15 and 3.5.4; distribution packages may carry the fix as a backport under an older version number.
- Alpine/gnutls: upgrade to 3.4.5-r1 or later
- gnutls (distribution not stated on this page): upgrade to 3.5.3-4 or later
Is CVE-2016-7444 being exploited?
Low. EPSS estimates a 1.4% probability of exploitation activity in the wild within the next 30 days; this is a predicted likelihood, not a report of observed exploitation, and it does not indicate exploitation at scale.
Affected packages (2)
- gnutls (Alpine): all versions before 3.4.5-r1
- gnutls (distribution not stated on this page): all versions before 3.5.3-4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 (vector string is labelled CVSS:3.0) | HIGH (7.5) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |