{"containers": {"cna": {"affected": [{"product": "GnuTLS", "vendor": "n/a", "versions": [{"status": "affected", "version": "gnutls 3.7.7(Fixed)"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."}], "problemTypes": [{"descriptions": [{"description": "Double Free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-14T04:06:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-2509"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"}, {"name": "DSA-5203", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5203"}, {"name": "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html"}, {"name": "FEDORA-2022-5470992bfc", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-2509", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GnuTLS", "version": {"version_data": [{"version_value": "gnutls 3.7.7(Fixed)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Double Free"}]}]}, "references": {"reference_data": [{"name": "https://access.redhat.com/security/cve/CVE-2022-2509", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-2509"}, {"name": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"}, {"name": "DSA-5203", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5203"}, {"name": "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html"}, {"name": "FEDORA-2022-5470992bfc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-2509"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"}, {"name": "DSA-5203", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5203"}, {"name": "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html"}, {"name": "FEDORA-2022-5470992bfc", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2509", "datePublished": "2022-08-01T14:01:10", "dateReserved": "2022-07-22T00:00:00", "dateUpdated": "2024-08-03T00:39:07.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "8704EA12-AC39-4E61-808D-D24D017CF541", "versionEndExcluding": "3.7.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."}, {"lang": "es", "value": "Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberaci\u00f3n durante la verificaci\u00f3n de firmas pkcs7 en la funci\u00f3n gnutls_pkcs7_verify"}], "id": "CVE-2022-2509", "lastModified": "2024-11-21T07:01:08.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T14:15:09.890", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2509"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5203"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7105", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnutls-0:3.6.16-5.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7105", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnutls-0:3.6.16-5.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:6854", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gnutls-0:3.7.6-12.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-10-11T00:00:00Z"}, {"advisory": "RHSA-2022:6854", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "gnutls-0:3.7.6-12.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-10-11T00:00:00Z"}], "bugzilla": {"description": "gnutls: Double free during gnutls_pkcs7_verify", "id": "2108977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108977"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.", "A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_verify function."], "name": "CVE-2022-2509", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2509\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2509\nhttps://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07\nhttps://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html"], "statement": "This flaw is rated as moderate because the flaw is more difficult to exploit but could still lead to some compromise of the availability of resources under certain circumstances. This is the type of vulnerability that could have had an important impact but is less easily exploited based on a technical evaluation of the flaw, and affect unlikely configurations.", "threat_severity": "Moderate", "upstream_fix": "gnutls 3.7.7"}