Problem (unvalidated)

GnuTLS contains a double-free vulnerability (CVE-2022-2509) in the _gnutls_write_new_othername function, reached when exporting otherName subject alternative name (SAN) extensions in X.509 certificates. Tension: when ASN.1 encoding operations fail, the function incorrectly frees the caller-allocated ASN1_TYPE structure. Outcome: a double free occurs when the caller's cleanup code attempts to free the same structure again.
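The ownership mistake described above, as an added example: this is a simplified model, not GnuTLS code. The names node, node_release, encode, write_othername_flawed, write_othername_fixed and export_san are hypothetical, and a static pool with a release counter stands in for the heap so the second release can be observed safely.

```c
#include <stdio.h>

/* Hypothetical stand-in for the caller-allocated ASN.1 structure. */
struct node { int live; int releases; };

static struct node pool[4];   /* static pool: counting releases stays memory-safe */

static struct node *node_new(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].releases = 0; return &pool[i]; }
    return NULL;
}

/* Models the structure's delete call; a second call on one node is the double free. */
static void node_release(struct node *n) { n->releases++; n->live = 0; }

/* Models an encoding step that can fail (constructed trigger: empty value). */
static int encode(const char *value) { return (value && *value) ? 0 : -1; }

/* Flawed callee: on failure it releases a structure it does not own. */
static int write_othername_flawed(struct node *ext, const char *value) {
    if (encode(value) < 0) { node_release(ext); return -1; }
    return 0;
}

/* Corrected callee: reports the error and leaves ownership with the caller. */
static int write_othername_fixed(struct node *ext, const char *value) {
    (void)ext;
    return encode(value) < 0 ? -1 : 0;
}

/* Caller: allocates, calls the writer, then always runs its own cleanup.
   Returns how many times the structure was released (1 is correct). */
static int export_san(int (*writer)(struct node *, const char *), const char *value) {
    struct node *ext = node_new();
    if (!ext) return -1;
    (void)writer(ext, value);
    node_release(ext);        /* caller's cleanup path */
    return ext->releases;
}

int main(void) {
    printf("flawed, encode fails: %d releases\n", export_san(write_othername_flawed, ""));
    printf("fixed,  encode fails: %d releases\n", export_san(write_othername_fixed, ""));
    printf("flawed, encode ok:    %d releases\n", export_san(write_othername_flawed, "upn"));
    return 0;
}
```

The flawed writer only misbehaves on the error path, which is why a test that exercises successful encoding alone does not surface it.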

7c9eb8cf-b29d-495b-9b30-4999a283c8bb
