
8 matches found

OSV
added 2025/05/22 8:48 a.m., 5 views

CLSA-2025-1747903683 gnutls: Fix of 2 CVEs

CVE-2024-28834: fix side-channel leak in the deterministic ECDSA - CVE-2024-28835: fix crash when verifying a certificate chain with more than 16 certificates...

CVSS 5.3, AI score 5.8, EPSS 0.00718
Exploits 0, References 1
AstraLinux
added 2025/02/11 7:35 a.m., 2 views

Astra Linux – Vulnerability in gnutls28

A flaw has been discovered in GnuTLS, where an application crash can occur when attempting to verify a specially crafted .pem bundle using the “certtool --verify-chain” command...

CVSS 5, AI score 6.3, EPSS 0.00386
Exploits 0, References 3
Veracode
added 2025/02/06 7:13 a.m., 4 views

Denial Of Service (DoS)

github.com/CosmWasm/wasmvm is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to a bug affecting both permissioned and permissionless chains due to its ability to be reliably triggered using a malicious contract, potentially causing a chain crash...

AI score 7
Exploits 0
GitLab Advisory Database
added 2025/02/04 12:0 a.m., 10 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

AI score 6.9
Exploits 0, References 9, Affected Software 1
GitLab Advisory Database
added 2025/02/04 12:0 a.m., 5 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

AI score 6.9
Exploits 0, References 9, Affected Software 1
OSV
added 2025/02/03 8:48 a.m., 2 views

SUSE-SU-2025:20017-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-28835: certtool crash when verifying a certificate chain bsc1221747 - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA bsc1221746 - jitterentropy: Release the memory of the entropy collector when using jitterentropy with...

CVSS 5.3, AI score 6.7, EPSS 0.00718
Exploits 0, References 6
Amazon
added 2024/05/03 12:0 a.m., 3 views

Medium: gnutls

Issue Overview: A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeab...

CVSS 5.3, AI score 6.6, EPSS 0.00718
Exploits 0
OSV
added 2024/04/19 11:7 a.m., 3 views

OESA-2024-1470 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

CVSS 5, AI score 7.4, EPSS 0.00386
Exploits 0, References 2