11 matches found
EUVD-2017-14440
Malware in sbrugna...
CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6
CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6. A patched version of the package is available...
AZL-65193 CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite()...
AZL-65088 CVE-2025-32989 affecting package gnutls for versions less than 3.7.11-4
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID...
AZL-34740 CVE-2024-0567 affecting package gnutls for versions less than 3.8.3-1
A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...
ALPINE-CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...
BSA-2017-249
Security Advisory ID : BSA-2017-249 Component : SSL TLS Revision : 1.0: Interim It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificate with Proxy Certificate Information extension present could lead to a double free. This issue was fixed...
DEBIAN-CVE-2017-5335
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate...
DEBIAN-CVE-2014-1959
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates...
UBUNTU-CVE-2013-1619
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...
gnutls record packet parsing DoS [GNUTLS-SA-2005-1]
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c...