CVE-2017-7869
Severity: 7.5 HIGH (CVSS 3.1)
EPSS: 0.70%
Description
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
How to fix CVE-2017-7869
To remediate CVE-2017-7869, upgrade the affected package to a fixed version below.
- Debian/gnutls28—upgrade to 3.5.8-4 or later
Is CVE-2017-7869 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/gnutls28: all versions from 0 up to, but not including, 3.5.8-4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |