Monday, August 1, 2022

GnuTLS patches memory mismanagement bug – update now! – Bare Safety


The best-known cryptographic library in the open-source world is almost certainly OpenSSL.

Firstly, it’s probably the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly.

Secondly, it’s probably the most widely-publicised, sadly because of a rather nasty bug known as Heartbleed that was discovered more than eight years ago.

Despite being patched promptly (and despite reliable workarounds existing for developers who couldn’t or wouldn’t update their vulnerable OpenSSL versions quickly), Heartbleed remains a sort of “showcase” bug, not least because it was one of the first bugs to be turned into an aggressive PR vehicle by its discoverers.

With an impressive name, a logo all of its own, and a dedicated website, Heartbleed quickly became a global cybersecurity superstory, and, for better or worse, became inextricably linked with mentions of the name OpenSSL, as if the danger of the bug lived on even after it had been excised from the code.

Life beyond OpenSSL

But there are several other open-source cryptographic libraries that are widely used as well as or instead of OpenSSL, notably including Mozilla’s NSS (short for Network Security Services) and the GNU project’s GnuTLS library.

As it happens, GnuTLS just patched a bug known as CVE-2022-2509, reported in the project’s security advisory GNUTLS-SA-2022-07-07.

This patch fixes a memory mismanagement error known as a double-free.
