
4568 matches found

Vulnrichment
added 2023/02/23 9:45 p.m. | 6 views

CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 | AI score 7.6 | EPSS 0.0069
Exploits: 1 | References: 3
CVE
added 2023/02/23 9:45 p.m. | 59 views

CVE-2023-25824

CVE-2023-25824 affects the Mod_gnutls TLS module for Apache HTTPD (GnuTLS-based). Versions 0.9.0 through 0.12.0 do not properly fail blocking read operations on TLS connections when the transport times out, instead entering an endless loop that can consume CPU resources and, if trace logging is e...

CVSS 7.5 | AI score 7.4 | EPSS 0.0069
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2023/02/23 9:45 p.m. | 13 views

CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 | AI score 7.4 | EPSS 0.0069
Exploits: 1 | References: 5
Cvelist
added 2023/02/23 9:45 p.m. | 12 views

CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVSS 7.5 | AI score 7.6 | EPSS 0.0069
Exploits: 1 | References: 3
CNNVD
added 2023/02/23 12:00 a.m. | 2 views

Mod_gnutls security vulnerability

mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. A security vulnerability exists in Mod_gnutls versions prior to 0.12.1, which stems from not properly blocking read operations on TLS connections and can be exploited by an attacker to cause a denial of service attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.0069
Exploits: 1 | References: 4
Tenable Nessus
added 2023/02/23 12:00 a.m. | 27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gnutls (SUSE-SU-2023:0475-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0475-1 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This...

CVSS 7.4 | AI score 7 | EPSS 0.03615
Exploits: 1 | References: 6
Positive Technologies
added 2023/02/23 12:00 a.m. | 19 views

PT-2023-20329 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Mod_gnutls versions 0.9.0 through 0.12.0. Description: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. It did not properly fail blocking read operations on TLS connections when the transport hit timeouts, entering an endless loop...

CVSS 7.5 | AI score 7.2 | EPSS 0.0069
Exploits: 1 | References: 10
OSV
added 2023/02/22 9:49 a.m. | 8 views

SUSE-SU-2023:0475-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183)...

CVSS 7.4 | AI score 7.4 | EPSS 0.03615
Exploits: 1 | References: 5
F5 Networks
added 2023/02/21 8:01 p.m. | 27 views

K18955141: GnuTLS vulnerability CVE-2018-16868

Security Advisory Description: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plainte...

CVSS 5.6 | AI score 4.8 | EPSS 0.00042
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 7:59 p.m. | 31 views

K30446705: GnuTLS vulnerability CVE-2020-13777

Security Advisory Description: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until t...

CVSS 7.4 | AI score 7.6 | EPSS 0.01213
Exploits: 3
F5 Networks
added 2023/02/21 7:52 p.m. | 45 views

K15623: GnuTLS vulnerability CVE-2009-5138

Security Advisory Description: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...

CVSS 5.8 | AI score 6.8 | EPSS 0.00847
Exploits: 1 | Affected Software: 1
F5 Networks
added 2023/02/21 7:47 p.m. | 31 views

K17335: GnuTLS vulnerability CVE-2015-6251

Security Advisory Description: Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. (CVE-2015-6251) Impact: This vulnerability allows disruption of service. Security Adviso...

CVSS 5 | AI score 7.5 | EPSS 0.06692
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 7:37 p.m. | 40 views

K17330: GnuTLS vulnerability CVE-2015-3308

Security Advisory Description: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. (CVE-2015-3308) Impact: A remote attacker may be able to cause a...

CVSS 7.5 | AI score 8 | EPSS 0.01394
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 7:29 p.m. | 40 views

K15721: GnuTLS vulnerability CVE-2013-1619

Security Advisory Description: The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to...

CVSS 4 | AI score 6.8 | EPSS 0.01146
Exploits: 1
F5 Networks
added 2023/02/21 7:28 p.m. | 28 views

K15160: GnuTLS vulnerability CVE-2014-0092

Security Advisory Description: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. (CVE-2014-0092) Impact...

CVSS 5.8 | AI score 6.6 | EPSS 0.04785
Exploits: 1 | Affected Software: 1
F5 Networks
added 2023/02/21 7:03 p.m. | 37 views

K15345: GnuTLS vulnerability CVE-2014-3466

Security Advisory Description: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id...

CVSS 6.8 | AI score 9.3 | EPSS 0.13715
Exploits: 1
F5 Networks
added 2023/02/21 7:00 p.m. | 42 views

K59836191: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337

Security Advisory Description: CVE-2017-5335: The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. CVE-2017-5336: Stack-based buffe...

CVSS 9.8 | AI score 9.5 | EPSS 0.04158
Exploits: 0 | Affected Software: 2
F5 Networks
added 2023/02/21 6:50 p.m. | 60 views

K15637: GnuTLS vulnerability CVE-2013-2116

Security Advisory Description: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. CVE-2013-2116...

CVSS 5 | AI score 6.8 | EPSS 0.08652
Exploits: 0
F5 Networks
added 2023/02/21 6:48 p.m. | 37 views

K37830055: GnuTLS vulnerability CVE-2017-7507

Security Advisory Description: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. (CVE-2017-7507) Impact: An attacker may be able to exploit this...

CVSS 7.5 | AI score 7.4 | EPSS 0.00572
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 6:48 p.m. | 32 views

K17327: GnuTLS RSA PKCS signature vulnerability CVE-2015-0282

Security Advisory Description: GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. (CVE-2015-0282) Impact: This vulnerability may allow remot...

CVSS 5 | AI score 7.6 | EPSS 0.00198
Exploits: 0 | Affected Software: 20