Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4456 | 1 Gnu | 1 Gnutls | 2020-06-16 | 5.0 MEDIUM | 7.5 HIGH |
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. | |||||
CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
CVE-2015-8313 | 2 Debian, Gnu | 2 Debian Linux, Gnutls | 2020-01-09 | 4.3 MEDIUM | 5.9 MEDIUM |
GnuTLS incorrectly validates the first byte of padding in CBC modes | |||||
CVE-2019-3836 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Gnutls, Leap | 2019-05-30 | 5.0 MEDIUM | 7.5 HIGH |
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | |||||
CVE-2019-3829 | 2 Fedoraproject, Gnu | 2 Fedora, Gnutls | 2019-05-30 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | |||||
CVE-2017-5336 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||
CVE-2013-4487 | 2 Gnu, Opensuse | 2 Gnutls, Opensuse | 2018-10-30 | 5.0 MEDIUM | N/A |
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. | |||||
CVE-2014-8564 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Gnutls, Opensuse and 4 more | 2018-10-30 | 5.0 MEDIUM | N/A |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | |||||
CVE-2017-5334 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | |||||
CVE-2017-5335 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | |||||
CVE-2017-5337 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |||||
CVE-2008-4989 | 1 Gnu | 1 Gnutls | 2018-10-11 | 4.3 MEDIUM | N/A |
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | |||||
CVE-2008-1950 | 1 Gnu | 1 Gnutls | 2018-10-11 | 5.0 MEDIUM | N/A |
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | |||||
CVE-2008-1948 | 1 Gnu | 1 Gnutls | 2018-10-11 | 10.0 HIGH | N/A |
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. | |||||
CVE-2008-1949 | 1 Gnu | 1 Gnutls | 2018-10-11 | 9.3 HIGH | N/A |
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. | |||||
CVE-2009-2730 | 1 Gnu | 1 Gnutls | 2018-10-10 | 7.5 HIGH | N/A |
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
CVE-2012-1573 | 1 Gnu | 1 Gnutls | 2018-01-17 | 5.0 MEDIUM | N/A |
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. | |||||
CVE-2012-1569 | 1 Gnu | 2 Gnutls, Libtasn1 | 2018-01-17 | 5.0 MEDIUM | N/A |
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. | |||||
CVE-2016-7444 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | |||||
CVE-2017-7869 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. |