A double free flaw was found in the way the certificate verification API was implemented for gnutls. An attacker could cause a client or server application compiled against gnutls to crash by parsing a specially-crafted certificate.
A flaw was found in gnutls 3.5.8 or later. A use-after-free in multi-threaded-clients and a double-free vulnerability in single-threaded clients because _gnutls_x509_get_signature does not clear signature->data in the cleanup path.
Name: Tavis Ormandy (Google Project Zero)
Created gnutls tracking bugs for this issue:
Affects: fedora-all [bug 1693210]
Created mingw-gnutls tracking bugs for this issue:
Affects: fedora-all [bug 1693211]
Upstream patch: https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b