Lucene search

4565 matches found

ossfuzz
added 2019/02/24 8:33 a.m., 16 views

gnutls/gnutls_idna_parser_fuzzer: Use-of-uninitialized-value in _idn2_punycode_decode

Project: https://gitlab.com/gnutls/gnutls.git; Detailed report: https://oss-fuzz.com/testcase?key=5637280142721024; Project: gnutls; Fuzzer: libFuzzer_gnutls_idna_parser_fuzzer; Fuzz target binary: gnutls_idna_parser_fuzzer; Job Type: libfuzzer_msan_gnutls; Platform Id: linux; Crash Type:...

AI score 6.8
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2019/02/20 4:35 p.m., 34 views

Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844)

Summary: IBM MQ Appliance has addressed the following GnuTLS vulnerabilities. Vulnerability Details: CVEID: CVE-2018-10845. DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-384. By sending a specially-crafted packet...

CVSS 5.9 | AI score 1 | EPSS 0.00766
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2019/02/19 8:20 p.m., 29 views

Security Bulletin: IBM Security Guardium is aware of a GnuTLS vulnerability

Summary: IBM Security Guardium is aware of the following vulnerabilities. Vulnerability Details: CVE-2018-10846, CVE-2018-10845, CVE-2018-10844. Affected Products and Versions:

Affected IBM Security Guardium | Affected Versions
---|---
IBM Security Guardium | 9 - 9.5
IBM Security Guardium | 10 - 10.5...

CVSS 5.9 | AI score 3.4 | EPSS 0.00766
Exploits 0 | Affected Software 1

Tenable Nessus
added 2019/02/14 12:0 a.m., 39 views

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-1026)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844). Note that Tenable Network Security h...

CVSS 5.9 | AI score 6.4 | EPSS 0.0025
Exploits 0 | References 2

ArchLinux
added 2019/02/12 12:0 a.m., 59 views

[ASA-201902-10] libcurl-gnutls: arbitrary code execution

Arch Linux Security Advisory ASA-201902-10
==========================================
Severity: High
Date    : 2019-02-12
CVE-ID  : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
Package : libcurl-gnutls
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-877
Summary...

CVSS 9.8 | AI score 1.5 | EPSS 0.18518
Exploits 2 | References 10

Tenable Nessus
added 2019/02/07 12:0 a.m., 37 views

Photon OS 1.0: Gnutls PHSA-2017-0016

An update of the gnutls package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0016. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid121691;...

CVSS 7.5 | AI score 7.9 | EPSS 0.00703
Exploits 0 | References 2

Tenable Nessus
added 2019/02/07 12:0 a.m., 31 views

Photon OS 1.0: Gnutls PHSA-2017-0015

An update of the gnutls package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0015. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid121688;...

CVSS 7.5 | AI score 8.8 | EPSS 0.01392
Exploits 0 | References 2

IBM Security Bulletins
added 2019/01/31 1:25 a.m., 31 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerability (CVE-2014-3466)

Summary: IBM Flex System Manager (FSM) is affected by gnutls vulnerability CVE-2014-3466, which could be used to create a buffer overflow. Vulnerability Details: Abstract: IBM Flex System Manager (FSM) is affected by gnutls vulnerability CVE-2014-3466, which could be used to create a buffer overflow...

CVSS 7.5 | AI score 0.8 | EPSS 0.13715
Exploits 2 | Affected Software 1

Veracode
added 2019/01/15 9:6 a.m., 24 views

Man-in-the-Middle (MitM)

gnutls is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet...

CVSS 4.3 | AI score 7 | EPSS 0.00286
Exploits 0 | References 10 | Affected Software 1

Veracode
added 2019/01/15 8:58 a.m., 28 views

Information Leakage

The GnuTLS library is susceptible to information leakage. When a CBC-mode cipher is used, an attacker can use a TLS/SSL server as a padding oracle to decrypt the encrypted packets...

CVSS 4 | AI score 5.7 | EPSS 0.01146
Exploits 1 | References 16 | Affected Software 1

Veracode
added 2019/01/15 8:58 a.m., 32 views

Authorization Bypass

gnutls is vulnerable to authorization bypass attacks. The vulnerability exists as GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a...

CVSS 5.8 | AI score 6 | EPSS 0.00847
Exploits 2 | References 16 | Affected Software 1

Veracode
added 2019/01/15 8:58 a.m., 34 views

Man-in-the-Middle (MitM)

gnutls is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof...

CVSS 5.8 | AI score 7 | EPSS 0.04785
Exploits 1 | References 28 | Affected Software 1

Veracode
added 2019/01/15 8:54 a.m., 32 views

Denial Of Service (DoS)

GnuTLS is vulnerable to denial of service. A buffer over-read occurs in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c when CBC-mode cipher suites are used. This allows a remote attacker to crash the process via a crafted padding length...

CVSS 5 | AI score 5.7 | EPSS 0.08652
Exploits 0 | References 22 | Affected Software 1

Veracode
added 2019/01/15 8:52 a.m., 30 views

Remote Code Execution (RCE)

gnutls is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to a possible buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4, which allows remote servers to cause a denial of service...

CVSS 6.8 | AI score 7.8 | EPSS 0.13715
Exploits 1 | References 35 | Affected Software 1

Veracode
added 2019/01/15 8:50 a.m., 21 views

Denial Of Service (DoS)

gnutls is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c allows remote attackers to cause a denial of service through a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS,...

CVSS 5 | AI score 5.7 | EPSS 0.0027
Exploits 0 | References 7 | Affected Software 1

Fedora
added 2019/01/15 1:54 a.m., 30 views

[SECURITY] Fedora 28 Update: gnutls-3.6.5-2.fc28

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...

CVSS 5.6 | AI score 3 | EPSS 0.00042
Exploits 0

OpenVAS
added 2019/01/15 12:0 a.m., 28 views

Fedora Update for gnutls FEDORA-2019-1a0d4443f8

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.6 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 2

Tenable Nessus
added 2019/01/15 12:0 a.m., 27 views

Fedora 28 : gnutls (2019-1a0d4443f8)

Added explicit Requires for nettle = 3.4.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenab...

CVSS 5.6 | AI score 5.5 | EPSS 0.00042
Exploits 0 | References 2

Tenable Nessus
added 2019/01/14 12:0 a.m., 41 views

Fedora 29 : gnutls (2019-99eefddc65)

Added explicit Requires for nettle = 3.4.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenab...

CVSS 5.6 | AI score 5.5 | EPSS 0.00042
Exploits 0 | References 2

Fedora
added 2019/01/13 2:32 a.m., 29 views

[SECURITY] Fedora 29 Update: gnutls-3.6.5-2.fc29

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...

CVSS 5.6 | AI score 3 | EPSS 0.00042
Exploits 0