Lucene search
K

8 matches found

OSV
OSV
added 2026/05/26 2:17 p.m.10 views

JLSEC-2026-519

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS5.8AI score0.0373EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-24659)

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS7.1AI score0.0373EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.2 views

SUSE CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

5.9CVSS7AI score0.0373EPSS
Exploits1References112
OSV
OSV
added 2021/03/05 11:2 a.m.3 views

OESA-2021-1046 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

7.5CVSS7AI score0.0373EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2020/12/15 5:24 p.m.3 views

gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent

A flaw was found in GnuTLS, where the server can trigger the client to run into heap buffer overflow if a norenegotiation alert is sent in an unexpected timing. This flaw allows the client to crash at the session deinitialization timing. The highest threat from this vulnerability is to system...

7.5CVSS7.5AI score0.0373EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2020/09/17 7:0 a.m.3 views

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure.

...

7.5CVSS7AI score0.0373EPSS
Exploits1
OSV
OSV
added 2020/09/04 3:15 p.m.5 views

AZL-6445 CVE-2020-24659 affecting package gnutls for versions less than 3.6.14-5

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS7.2AI score0.0373EPSS
Exploits1References1
OSV
OSV
added 2020/09/04 3:15 p.m.2 views

UBUNTU-CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS7.1AI score0.0373EPSS
Exploits1References5
Rows per page
Query Builder