gnutls: Use-of-uninitialized-value in _nettle_rsa_check_size

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6559599983329280 Project: gnutls Fuzzer: libFuzzergnutlsclientfuzzer Fuzz target binary: gnutlsclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...

gnutls: Use-of-uninitialized-value in __gmpz_cmp_ui

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5924565177860096 Project: gnutls Fuzzer: libFuzzergnutlssrpclientfuzzer Fuzz target binary: gnutlssrpclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

gnutls: Use-of-uninitialized-value in __gmpn_tdiv_qr

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5744749560463360 Project: gnutls Fuzzer: libFuzzergnutlssrpclientfuzzer Fuzz target binary: gnutlssrpclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

gnutls: Use-of-uninitialized-value in __gmpz_limbs_finish

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=4887173172035584 Project: gnutls Fuzzer: libFuzzergnutlspskclientfuzzer Fuzz target binary: gnutlspskclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

gnutls: Use-of-uninitialized-value in __gmpn_tdiv_qr

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5818028144984064 Project: gnutls Fuzzer: libFuzzergnutlssrpclientfuzzer Fuzz target binary: gnutlssrpclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

Oracle Linux 7 : gnutls (ELSA-2017-2292)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2292 advisory. - Address crash in OCSP status request extension, by eliminating the unneeded parsing CVE-2017-7507, 1455828 Tenable has extracted the preceding...

Code injection

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

DEBIAN-CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

CVE-2016-4456

The CVE-2016-4456 issue affects GnuTLS, specifically version 3.4.12. The vulnerability stems from how GNUTLS_KEYLOGFILE is handled via getenv(), which can allow an attacker to overwrite and corrupt arbitrary files in the filesystem. Several connected sources confirm the impact and the affected co...

CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

gnutls: Use-of-uninitialized-value in wrap_nettle_cipher_aead_decrypt

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5729187954425856 Project: gnutls Fuzzer: libFuzzergnutlspskclientfuzzer Fuzz target binary: gnutlspskclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

gnutls security, bug fix, and enhancement update

3.3.26-9 - Address crash in OCSP status request extension, by eliminating the unneeded parsing CVE-2017-7507, 1455828 3.3.26-7 - Address interoperability issue with 3.5.x 1388932 - Reject CAs which are both trusted and blacklisted in trust module 1375303 - Added new functions to set issuer and...

gnutls: Use-of-uninitialized-value in _nettle_ecc_mod_random

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6247063903797248 Project: gnutls Fuzzer: libFuzzergnutlspskclientfuzzer Fuzz target binary: gnutlspskclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

gnutls: Use-of-uninitialized-value in _nettle_aes_set_key

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5962058463969280 Project: gnutls Fuzzer: libFuzzergnutlspskclientfuzzer Fuzz target binary: gnutlspskclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

gnutls: Use-of-uninitialized-value in mpz_import

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=5790636118638592 Project: gnutls Fuzzer: libFuzzergnutlssrpclientfuzzer Fuzz target binary: gnutlssrpclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-valu...

RedHat Update for gnutls RHSA-2017:2292-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : gnutls (RHSA-2017:2292)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2292 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...

gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10...