Lucene search
K

117 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.4 views

SUSE CVE-2021-4209

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

6.5CVSS8.9AI score0.01383EPSS
Exploits0References34
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.3 views

SUSE CVE-2022-1615

In Samba, GnuTLS gnutlsrnd can fail and give predictable random values...

7.5CVSS7AI score0.00409EPSS
Exploits1References14
Ubuntu
Ubuntu
added 2022/11/30 6:6 a.m.37 views

USN-5750-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service...

6.5CVSS7AI score0.01383EPSS
Exploits0
OSV
OSV
added 2022/08/24 4:15 p.m.3 views

DEBIAN-CVE-2021-4209

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

6.5CVSS6.6AI score0.01383EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/24 4:15 p.m.7 views

CVE-2021-4209

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

6.5CVSS6.7AI score0.01383EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.7 views

The vulnerability in the `client_send_params` function of the `lib/ext/pre_shared_key.c` component of the Transport Layer Security library GnuTLS, related to the use of memory after it is freed, allows a attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the clientsendparams function in the lib/ext/presharedkey.c component of the Transport Layer Security library GnuTLS is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its...

9.8CVSS6.7AI score0.03444EPSS
Exploits0References10Affected Software5
Ubuntu
Ubuntu
added 2021/08/02 5:25 p.m.128 views

USN-5029-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.4AI score0.03751EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2021/03/20 7:0 a.m.4 views

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

...

9.8CVSS6.4AI score0.03751EPSS
Exploits1
OSV
OSV
added 2021/03/12 7:15 p.m.4 views

UBUNTU-CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

9.8CVSS6.7AI score0.03444EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/30 12:0 a.m.6 views

Linbit csync2 输入验证错误漏洞

Linbit csync2 is a cluster synchronization tool from Austrian company Linbit, which is mainly used to keep files on multiple hosts in a cluster synchronized. A security vulnerability exists in LINBIT csync2 version 2.0 and earlier versions, which stems from a failure to properly check the return...

5.3CVSS5.8AI score0.0131EPSS
Exploits0References6
OSV
OSV
added 2020/09/04 3:15 p.m.4 views

ALPINE-CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS7AI score0.0373EPSS
Exploits1References1
OSV
OSV
added 2020/06/15 5:15 p.m.1 views

DEBIAN-CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

4.8CVSS6.2AI score0.01061EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/04/17 12:0 a.m.5 views

The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out an “Lucky 13” attack and a attack that recovers the plaintext.

The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...

7.1CVSS6.3AI score0.03623EPSS
Exploits0References8Affected Software4
OSV
OSV
added 2020/04/03 1:15 p.m.2 views

ALPINE-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4CVSS6.9AI score0.03388EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2020/01/09 12:58 p.m.84 views

USN-4233-1: GnuTLS update

As a security improvement, this update marks SHA1 as being untrusted for digital signature operations...

5.3AI score
Exploits0References1
OSV
OSV
added 2019/10/30 10:15 p.m.2 views

DEBIAN-CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication SNI is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...

9.8CVSS6.8AI score0.03138EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/10/30 12:0 a.m.5 views

PT-2019-10455 · Systemd +1 · Systemd +1

Name of the Vulnerable Software and Affected Versions: systemd versions 239 through 245 Description: The issue concerns the acceptance of any certificate signed by a trusted certificate authority for DNS Over TLS, without sending Server Name Indication SNI and without hostname validation when usi...

9.8CVSS6.3AI score0.55116EPSS
Exploits30References42
RedHat Linux
RedHat Linux
added 2017/08/01 8:39 a.m.6 views

gnutls: Heap read overflow in read-packet.c

Multiple heap-based buffer overflows in the readattribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate...

9.8CVSS7.6AI score0.06179EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/06/23 12:0 a.m.5 views

The vulnerability of the read_attribute function in the GnuTLS library, related to the occurrence of operations outside the buffer boundaries in memory, allows attackers to compromise the integrity and accessibility of data.

The vulnerability of the readattribute function in the GnuTLS library is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to compromise the integrity and accessibility of data through a specially created OpenPGP certificate...

9.8CVSS7.8AI score0.06179EPSS
Exploits0References15Affected Software3
OSV
OSV
added 2017/06/16 7:29 p.m.3 views

DEBIAN-CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

7.5CVSS9AI score0.0341EPSS
Exploits0References1
Rows per page
Query Builder