PT-2025-47801

Name of the Vulnerable Software and Affected Versions GnuTLS versions 15.0 and -current GnuTLS versions prior to Fedora 43 Description A stack overflow issue exists in GnuTLS. The issue is related to a flaw that could potentially allow for malicious exploitation. Recommendations Update GnuTLS to...

CLSA-2024-1734368297 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...

ROS-20241211-10

Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...

Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information

Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By perform a timing side-channel attack...

Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information

Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issu...

GnuTLS: Multiple Vulnerabilities

Background GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Gnutls: vulnerable to minerva side-channel information leak

...

Gnutls: potential crash during chain building/verification

...

CVE-2024-28834 affecting package gnutls for versions less than 3.8.3-2

CVE-2024-28834 affecting package gnutls for versions less than 3.8.3-2. A patched version of the package is available...

CVE-2024-28835 affecting package gnutls for versions less than 3.8.3-2

CVE-2024-28835 affecting package gnutls for versions less than 3.8.3-2. A patched version of the package is available...

RHSA-2005:430 Red Hat Security Advisory: gnutls security update

Bulletin has no description...

CBL Mariner 2.0 Security Update: gnutls (CVE-2023-5981)

The version of gnutls installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5981 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange diffe...

CVE-2024-28835 affecting package gnutls for versions less than 3.7.11-1

CVE-2024-28835 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...

CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1

CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...

CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1

CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-28834 affecting package gnutls for versions less than 3.7.11-1

CVE-2024-28834 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...

Gnutls: timing side-channel in the rsa-psk authentication

...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2653)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2619)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2024-2264 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...