Search for vulnerabilities
Vulnerability details: VCID-jtkx-8qe5-aaap
Vulnerability ID VCID-jtkx-8qe5-aaap
Aliases CVE-2017-7507
Summary GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7507.html
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7507.json
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.02061 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.03568 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.22244 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.22244 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.22244 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.22244 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.22244 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.22244 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.28451 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.28451 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.28451 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.28451 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
epss 0.28451 https://api.first.org/data/v1/epss?cve=CVE-2017-7507
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1454621
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7507
generic_textual Medium https://gnutls.org/security.html#GNUTLS-SA-2017-4
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2017-7507
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-7507
archlinux Medium https://security.archlinux.org/AVG-294
archlinux Medium https://security.archlinux.org/AVG-295
generic_textual Low https://ubuntu.com/security/notices/USN-3318-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7507.html
https://access.redhat.com/errata/RHSA-2017:2292
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7507.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7507
https://gnutls.org/security.html#GNUTLS-SA-2017-4
https://ubuntu.com/security/notices/USN-3318-1
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
http://www.debian.org/security/2017/dsa-3884
http://www.securityfocus.com/bid/99102
1454621 https://bugzilla.redhat.com/show_bug.cgi?id=1454621
864560 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864560
ASA-201706-12 https://security.archlinux.org/ASA-201706-12
ASA-201707-6 https://security.archlinux.org/ASA-201707-6
AVG-294 https://security.archlinux.org/AVG-294
AVG-295 https://security.archlinux.org/AVG-295
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
CVE-2017-7507 https://nvd.nist.gov/vuln/detail/CVE-2017-7507
GLSA-201710-15 https://security.gentoo.org/glsa/201710-15
USN-3318-1 https://usn.ubuntu.com/3318-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7507.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7507
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7507
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.67289
EPSS Score 0.00611
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.