CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

MiracleLinux 4 : gnutls-2.8.5-10.2.0.1.AXS4 (AXSA:2013-469:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-469:02 advisory. GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the...

OESA-2026-1046 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

OESA-2026-1045 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

CVE-2025-13034 No QUIC certificate pinning with GnuTLS

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

[SECURITY] Fedora 43 Update: gnutls-3.8.11-1.fc43

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the gnutlspkcs11tokeninit function. An attacker can cause a crash or potentially execute arbitrary code by supplying a PKCS11 token with a label longer than 32 characters, leading to writing past the end ...

gnutls security, bug fix, and enhancement update

An update is available for gnutls. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...

EUVD-2010-0757

Malware in sbrugna...

CLSA-2025-1759334361 gnutls: Fix of CVE-2025-32990

CVE-2025-32990: fix heap-buffer-overflow flaw in template parsing logic to prevent OOB NULL pointer write and memory corruption...

RHEL 9 : gnutls (RHSA-2025:16116)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16116 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

AZL-65154 CVE-2025-6395 affecting package gnutls for versions less than 3.7.11-4

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

UBUNTU-CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the gnutlsfigurecommonciphersuite function. Remediation A fix was pushed into the master branch but not yet published. References - Fix Commit - PoC - Red Hat Bugzilla Bug - Release Notes Credit: Stefan Bühl...

CLSA-2025-1747903683 gnutls: Fix of 2 CVEs

CVE-2024-28834: fix side-channel leak in the deterministic ECDSA - CVE-2024-28835: fix crash when verifying a certificate chain with more than 16 certificates...

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS CVE-2024-12243 For more details...

ALSA-2025:4051 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS CVE-2024-12243 For more details...

Linux Distros Unpatched Vulnerability : CVE-2011-4128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that...

OESA-2025-1176 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

ALSA-2024:1879 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain...