Lucene search

FreeBSDB31A1088-460F-11DE-A11A-0022156E8794

HistoryMay 21, 2009 - 12:00 a.m.

GnuTLS -- multiple vulnerabilities

2009-05-2100:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.12 Low

EPSS

Percentile

95.3%

JSON

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

A remote code-execution vulnerability.
A denial-of-service vulnerability.
A signature-generation vulnerability.
A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute
arbitrary code, trigger denial-of-service conditions, carry
out attacks against data signed with weak signatures, and
cause clients to accept expired or invalid certificates from
servers.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgnutls< 2.6.6UNKNOWN
FreeBSDanynoarchgnutls-devel< 2.7.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	gnutls	< 2.6.6	UNKNOWN
FreeBSD	any	noarch	gnutls-devel	< 2.7.8	UNKNOWN

References

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.12 Low

EPSS

Percentile

95.3%

JSON

Related for B31A1088-460F-11DE-A11A-0022156E8794