gnutls/gnutls_dn_parser_fuzzer: Use-of-uninitialized-value in decode_complex_string

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5751385119784960 Project: gnutls Fuzzer: libFuzzergnutlsdnparserfuzzer Fuzz target binary: gnutlsdnparserfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-value...

gnutls/gnutls_pkcs12_key_parser_fuzzer: Use-of-uninitialized-value in gnutls_pkcs12_get_bag

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5694185181544448 Project: gnutls Fuzzer: libFuzzergnutlspkcs12keyparserfuzzer Fuzz target binary: gnutlspkcs12keyparserfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type:...

gnutls/gnutls_ocsp_resp_parser_fuzzer: Use-of-uninitialized-value in _gnutls_x509_read_pkalgo_params

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5693444165468160 Project: gnutls Fuzzer: libFuzzergnutlsocsprespparserfuzzer Fuzz target binary: gnutlsocsprespparserfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type:...

gnutls/gnutls_srp_server_fuzzer: Use-of-uninitialized-value in _gnutls_x509_get_time

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5657484820217856 Project: gnutls Fuzzer: libFuzzergnutlssrpserverfuzzer Fuzz target binary: gnutlssrpserverfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

GnuTLS Plaintext Recovery Vulnerability

GnuTLS is a free secure communications library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in the GnuTLS implementation. An attacker can exploit the vulnerability to recover plaintext content with the help of specially crafted packets...

Code injection

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

Code injection

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

DEBIAN-CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

DEBIAN-CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

DEBIAN-CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

Cross site scripting

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10845

CVE-2018-10845 affects GnuTLS HMAC-SHA-384 and enables a Lucky Thirteen–style timing side-channel leading to potential plaintext recovery. The connected IBM advisories confirm remote exploitation via crafted packets to obtain information, with MEDIUM base scores and impact on confidentiality. Rem...

CVE-2018-10846

CVE-2018-10846 describes a cache-based side-channel in GnuTLS that can enable plaintext recovery in cross-VM settings. An attacker could combine a Just in Time Prime+probe attack with a Lucky-13 attack by sending crafted packets to exploit this vulnerability. Remediation in publicly documented ad...