4568 matches found
Code injection
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
CVE-2020-11501
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
CVE-2020-11501
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
CVE-2020-11501
CVE-2020-11501 affects GnuTLS 3.6.x prior to 3.6.13. The DTLS client uses 32 null bytes instead of random values during DTLS negotiations, removing randomness and breaking DTLS security guarantees. Affected range starts at 3.6.3 (2018-07-16) due to a 2017-10-06 commit. The issue was fixed in 3.6....
GLSA-202004-06 : GnuTLS: DTLS protocol regression
The remote host is affected by the vulnerability described in GLSA-202004-06 GnuTLS: DTLS protocol regression It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact : Please review the referenced advisory for details. Workaround : There is no known...
GnuTLS: DTLS protocol regression
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact Please review the referenced advisory for details. Workaround There is no known workaround at this time...
FreeBSD : GnuTLS -- flaw in DTLS protocol implementation (d887b3d9-7366-11ea-b81a-001cc0382b2f)
The GnuTLS project reports : It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol. C Tenable Network Security, Inc. The...
Slackware 14.2 / current : gnutls (SSA:2020-091-01)
New gnutls packages are available for Slackware 14.2 and -current to fix a security issue. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-091-01. The text itself is copyright C Slackware Linux, Inc...
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plain text or, in some cases,...
[slackware-security] gnutls
New gnutls packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnutls-3.6.13-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: libgnutls: Fix a DTLS-protocol regression caused by...
GnuTLS -- flaw in DTLS protocol implementation
The GnuTLS project reports: It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol...
gnutls:gnutls_psk_client_fuzzer: Use-of-uninitialized-value in __gmpz_clear
Project: https://gitlab.com/gnutls/gnutls.git Detailed Report: https://oss-fuzz.com/testcase?key=6296663875649536 Project: gnutls Fuzzing Engine: libFuzzer Fuzz Target: gnutlspskclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Cra...
gnutls:gnutls_x509_crl_parser_fuzzer: Use-of-uninitialized-value in print_crl
Project: https://gitlab.com/gnutls/gnutls.git Detailed Report: https://oss-fuzz.com/testcase?key=5639123231834112 Project: gnutls Fuzzing Engine: libFuzzer Fuzz Target: gnutlsx509crlparserfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...
Critical Photon OS Security Update - PHSA-2020-0285
Updates of 'apache-tomcat' packages of Photon OS have been released...
CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...
DEBIAN-CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...
CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...
Heap overflow
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...
CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...
CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection...