4565 matches found

RedHat Linux
added 2019/11/05 9:17 p.m., 1 view

gnutls: invalid pointer access upon receiving async handshake messages

A flaw was found in the way gnutls handled malformed TLS 1.3 asynchronous messages. An attacker could use this flaw to crash an application compiled with gnutls via invalid pointer access...

CVSS 7.5, AI score 7.1, EPSS 0.00728
Exploits: 1, References: 5

RedHat Linux
added 2019/11/05 9:17 p.m., 26 views

Moderate: Red Hat Security Advisory: gnutls security, bug fix, and enhancement update

An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 6.7, EPSS 0.02082
Exploits: 2, References: 16

RedHat Linux
added 2019/11/05 9:17 p.m., 0 views

gnutls: use-after-free/double-free in certificate verification

A double free flaw was found in the way the certificate verification API was implemented for gnutls. An attacker could cause a client or server application compiled against gnutls to crash by parsing a specially-crafted certificate...

CVSS 7.5, AI score 7.1, EPSS 0.02082
Exploits: 1, References: 5

OSV
added 2019/10/30 10:15 p.m., 3 views

CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...

CVSS 9.8, AI score 6.6
Exploits: 0, References: 9

NVD
added 2019/10/30 10:15 p.m., 22 views

CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...

CVSS 9.8, AI score 9.5, EPSS 0.0156
Exploits: 1, References: 9

UbuntuCve
added 2019/10/30 10:15 p.m., 25 views

CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...

CVSS 9.8, AI score 6.7, EPSS 0.0156
Exploits: 1, References: 3

Prion
added 2019/10/30 10:15 p.m., 14 views

Input validation

DISPUTED systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since...

CVSS 7.5, AI score 9.4, EPSS 0.0156
Exploits: 1, References: 9, Affected Software: 2

CVE
added 2019/10/30 9:46 p.m., 91 views

CVE-2018-21029

CVE-2018-21029 affects systemd 239–245, where DNS over TLS accepts any CA-signed certificate because hostname validation is not performed with the GnuTLS backend and SNI is not sent. This creates potential exposure of confidentiality/integrity/availability for DNS over TLS connections, with CVSS ...

CVSS 9.8, AI score 9.3, EPSS 0.0156
Exploits: 1, References: 9, Affected Software: 1

Cvelist
added 2019/10/30 9:46 p.m., 19 views

CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...

AI score 9.5, EPSS 0.0156
Exploits: 1, References: 9

Debian CVE
added 2019/10/30 9:46 p.m., 31 views

CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...

CVSS 9.8, AI score 7.6, EPSS 0.0156
Exploits: 1

Tenable Nessus
added 2019/09/24 12:0 a.m., 27 views

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2016)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

CVSS 5.6, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 2

Tenable Nessus
added 2019/09/09 12:0 a.m., 42 views

FreeBSD : Exim -- RCE with root privileges in TLS SNI handler (61db9b88-d091-11e9-8d41-97657151f8c2)

Exim developers report: If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS library, so both, GnuTLS and OpenSSL are affected. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The...

CVSS 10, AI score 8.4, EPSS 0.65447
Exploits: 3, References: 2

The Hacker News
added 2019/09/06 12:48 p.m., 197 views

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days...

CVSS 10, AI score 1, EPSS 0.93918
Exploits: 28

The Hacker News
added 2019/09/06 12:48 p.m., 6 views

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days...

CVSS 10, AI score 10, EPSS 0.93918
Exploits: 28

FreeBSD
added 2019/09/02 12:0 a.m., 63 views

Exim -- RCE with root privileges in TLS SNI handler

Exim developers report: If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS library, so both, GnuTLS and OpenSSL are affected. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The...

CVSS 10, AI score 3.3, EPSS 0.65447
Exploits: 3, References: 1

Tenable Nessus
added 2019/08/12 12:0 a.m., 353 views

NewStart CGSL MAIN 4.05 : gnutls Multiple Vulnerabilities (NS-SA-2019-0109)

The remote NewStart CGSL host, running version MAIN 4.05, has gnutls packages installed that are affected by multiple vulnerabilities: - Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have...

CVSS 9.8, AI score 7.1, EPSS 0.71356
Exploits: 1, References: 5

Tenable Nessus
added 2019/08/12 12:0 a.m., 43 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by multiple vulnerabilities: - It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to...

CVSS 5.9, AI score 6.3, EPSS 0.00766
Exploits: 0, References: 4

Tenable Nessus
added 2019/07/22 12:0 a.m., 33 views

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1743)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

CVSS 5.6, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 2

Tenable Nessus
added 2019/07/09 12:0 a.m., 30 views

EulerOS Virtualization for ARM 64 3.0.2.0 : gnutls (EulerOS-SA-2019-1693)

According to the version of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a...

CVSS 5.6, AI score 6.2, EPSS 0.00019
Exploits: 0, References: 2

ossfuzz
added 2019/07/04 11:52 p.m., 11 views

gnutls/gnutls_x509_verify_fuzzer: Use-of-uninitialized-value in asn1_write_value

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5711046548914176 Project: gnutls Fuzzer: libFuzzergnutlsx509verifyfuzzer Fuzz target binary: gnutlsx509verifyfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type:...

AI score 7
Exploits: 0, Affected Software: 1