CentOS 8 : gnutls (CESA-2020:5483)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:5483 advisory. - gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659) Note that Nessus has not tested for this issue but has instead relied...
CentOS 8 : gnutls (CESA-2020:1998)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1998 advisory. - gnutls: DTLS client hello contains a random value of all zeroes CVE-2020-11501 Note that Nessus has not tested for this issue but has instead relied only on t...
CentOS 8 : gnutls (CESA-2019:3600)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3600 advisory. - gnutls: use-after-free/double-free in certificate verification CVE-2019-3829 - gnutls: invalid pointer access upon receiving async handshake messages...
PT-2021-5761 · Gnutls +10
Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: The issue is related to a use after free problem in the client sending key share extension, which may lead to memory corruption and other consequences, potentially allowing a remote attacker...
PT-2021-5771
Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: A flaw was found in the client_send_params function of the lib/ext/pre_shared_key.c component, related to a use after free issue. This may lead to memory corruption and other potential...
OSV-2017-62 Use-of-uninitialized-value in gnutls_memset
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1493 Crash type: Use-of-uninitialized-value Crash state: gnutls_memset deinit_keys _gnutls_handshake_internal_state_clear...
OSV-2021-147 Use-of-uninitialized-value in gnutls_ocsp_resp_get_status
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492 Crash type: Use-of-uninitialized-value Crash state: gnutls_ocsp_resp_get_status gnutls_ocsp_resp_import start...
OSV-2018-121 Use-of-uninitialized-value in _gnutls_x509_read_pkalgo_params
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10135 Crash type: Use-of-uninitialized-value Crash state: _gnutls_x509_read_pkalgo_params print_crt_pubkey print_cert...
OSV-2018-92 Use-of-uninitialized-value in _gnutls_x509_get_time
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10125 Crash type: Use-of-uninitialized-value Crash state: _gnutls_x509_get_time gnutls_x509_crt_get_expiration_time _gnutls_check_cert_sanity...
Debian DLA-2515-1 : csync2 security update
It was discovered that csync2, a cluster synchronization tool, did not correctly check for the return value from GnuTLS security routines. It neglected to repeatedly call this function as required by the design of the API. For Debian 9 'Stretch', this problem has been fixed in version...
DEBIAN-CVE-2019-15523
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function. It neglects to call this function again, as required by the design of the API...
UBUNTU-CVE-2019-15523
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function. It neglects to call this function again, as required by the design of the API...
CVE-2019-15523
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake function. It neglects to call this function again, as required by the design of the API...
CVE-2019-15523
CVE-2019-15523 affects LINBIT csync2 up to version 2.0. The issue stems from not correctly checking the GNUTLS_E_WARNING_ALERT_RECEIVED return value from gnutls_handshake() and failing to call it again as required by the API design, which may lead to improper TLS handling. Publicly documented imp...
gnutls security and bug fix update
3.6.14-7 - Increase DH key bits to >= 2048 in self-tests 1879506 - Implement self-tests for KDF and CMAC 1890870 - Fix CVE-2020-24659: heap buffer-overflow when 'no_renegotiation' alert is received 1873959...
Oracle Linux 8 : gnutls (ELSA-2020-5483)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5483 advisory. 3.6.14-7 - Increase DH key bits to >= 2048 in self-tests 1879506 - Implement self-tests for KDF and CMAC 1890870 - Fix CVE-2020-24659: heap buffer-overflow when...
RHEL 8 : gnutls (RHSA-2020:5483)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5483 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS...
Moderate: Red Hat Security Advisory: gnutls security and bug fix update
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent
A flaw was found in GnuTLS, where the server can trigger the client to run into heap buffer overflow if a no_renegotiation alert is sent in an unexpected timing. This flaw allows the client to crash at the session deinitialization timing. The highest threat from this vulnerability is to system...
Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659) For more details about the...