73 matches found
CVE-2012-1663
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted certificate list...
CVE-2012-1663
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted certificate list...
CVE-2012-1663
CVE-2012-1663 describes a double-free vulnerability in libgnutls (GnuTLS) before 3.0.14, allowing remote attackers to cause a denial of service (application crash) or potentially other impact via a crafted certificate list. Public references show exploits and advisories: exploitation activity exi...
openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)
The SSL-renegotiation 'authentication gap' has been fixed in gnutls. CVE-2009-3555 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update gnutls-3388. The text...
openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)
This update fixes the safe renegotiation testing code which was missing in the previous update for CVE-2009-3555. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update gnutls-3647. The text...
openSUSE Security Update : gnutls (gnutls-1938)
gnutls did not properly handle embedded '\0' characters in x509 certificates. Attackers using specially crafted certificates could exploit that to conduct man-in-the-middle attacks CVE-2009-2730. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2009-2730
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...
Design/Logic Flaw
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...
CVE-2009-2730
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...
CVE-2009-2730
CVE-2009-2730 affects GnuTLS libgnutls where a NULL character in a domain name (CN or SAN) of an X.509 certificate is not handled correctly, enabling MITM spoofing of SSL servers if a crafted cert from a trusted CA is issued. Affected product/version: libgnutls in GnuTLS prior to 2.8.2. Impact: p...
CVE-2009-2730
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...
Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)
Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a...
CVE-2009-1415
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...
CVE-2009-1415
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...
Double free
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...
CVE-2009-1416
lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...
CVE-2009-1415
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...
CVE-2009-1415
CVE-2009-1415 affects GnuTLS up to version 2.6.5 (fixed in 2.6.6). The flaw resides in lib/pk-libgcrypt.c within libgnutls, which mishandles invalid DSA signatures. A malformed DSA key can trigger a denial of service (application crash) and may cause additional impact, including a free of an unin...
CVE-2009-1416
GnuTLS CVE-2009-1416 affects GnuTLS 2.5.0–2.6.5: libgnutls/libgnutls_pk.c generates RSA keys and stores them in DSA structures, enabling remote attackers to spoof certificate signatures or cause unspecified impact via an invalid DSA key. Connected documents reference CVE IDs and advisories; no im...
GnuTLS 2.6.x - libgnutls libgnutls_pk.c DSA Key Storage Remote Spoofing
GnuTLS 2.6.x - libgnutls libgnutlspk.c DSA Key Storage Remote Spoofing // source: https://www.securityfocus.com/bid/34783/info GnuTLS is prone to multiple remote vulnerabilities: - A remote code-execution vulnerability - A denial-of-service vulnerability - A signature-generation vulnerability - A...