Lucene search
K
GnuGnutls

74 matches found

CVE
CVE
added 2015/09/02 2:0 p.m.91 views

CVE-2015-3308

CVE-2015-3308: A double-free in GnuTLS’ lib/x509/x509_ext.c when parsing CRL distribution points (vulnerable in GnuTLS releases before 3.3.14) may allow remote DoS or other impact. Affected component: x509_ext.c; root cause: double-free; impact: DoS and possible unspecified effects; remediation: ...

7.5CVSS7.3AI score0.03921EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.91 views

CVE-2016-4456

The CVE-2016-4456 issue affects GnuTLS, specifically version 3.4.12. The vulnerability stems from how GNUTLS_KEYLOGFILE is handled via getenv(), which can allow an attacker to overwrite and corrupt arbitrary files in the filesystem. Several connected sources confirm the impact and the affected co...

7.5CVSS7.4AI score0.022EPSS
CVE
CVE
added 2011/12/08 8:0 p.m.89 views

CVE-2011-4128

CVE-2011-4128 affects GnuTLS: a buffer overflow in gnutls_session_get_data in lib/gnutls_session.c can be triggered when a client uses nonstandard session resumption. A remote TLS server can cause an application crash (DoS) by sending a large SessionTicket. Affected are GnuTLS 2.12.x prior to 2.1...

4.3CVSS8.1AI score0.02386EPSS
CVE
CVE
added 2019/12/20 1:10 p.m.89 views

CVE-2015-8313

CVE-2015-8313 affects GnuTLS: the first padding byte in CBC mode is not correctly validated, enabling a MITM POODLE-style attack to potentially reveal plaintext. Connected sources show this vulnerability cited in multiple advisories (Debian DLA-364-1, SUSE/SUSE-SU-2016:0077-1, IBM FSM bulletin, N...

5.9CVSS5.5AI score0.01685EPSS
CVE
CVE
added 2014/03/06 6:0 p.m.88 views

CVE-2009-5138

GnuTLS before 2.7.6 is vulnerable when GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is not enabled: X.509 v1 certificates may be treated as intermediate CAs, allowing a remote attacker to issue new certificates. Affected: GnuTLS library (pre-2.7.6). Remediation: upgrade to 2.7.6 or newer (per the CVE descr...

5.8CVSS7.3AI score0.01814EPSS
CVE
CVE
added 2008/05/21 10:0 a.m.85 views

CVE-2008-1950

CVE-2008-1950 affects the GnuTLS stack (libgnutls) with an integer signedness flaw in _gnutls_ciphertext2compressed, exploitable via a crafted Random field in an encrypted Client Hello within a TLS record with invalid Record Length. This can trigger a buffer over-read and cause a denial of servic...

5CVSS6.1AI score0.04954EPSS
CVE
CVE
added 2010/03/26 6:0 p.m.85 views

CVE-2010-0731

GnuTLS before 1.2.1 (BE, 64‑bit) contains a flaw in gnutls_x509_crt_get_serial that decodes ASN.1 data with the wrong type/length, allowing a crafted X.509 certificate to bypass CRL checks and potentially cause a stack-based overflow. This vulnerability is addressed by Red Hat/CentOS OpenVAS advi...

7.5CVSS6.9AI score0.02944EPSS
CVE
CVE
added 2025/07/10 8:5 a.m.85 views

CVE-2025-32989

CVE-2025-32989 : A heap-buffer-overread in GnuTLS occurs during X.509 certificate parsing of the CT SCT extension (OID 1.3.6.1.4.1.11129.2.4.2). A malformed SCT can lead to exposure of confidential data when certificates are validated for certain sites and SCT checks are not performed correctly. ...

5.3CVSS6.4AI score0.01179EPSS
CVE
CVE
added 2010/05/24 7:0 p.m.83 views

CVE-2006-7239

The CVE-2006-7239 issue affects GnuTLS up to version 1.4.1, where _gnutls_x509_oid2mac_algorithm in lib/gnutls_algorithms.c can dereference NULL when processing X.509 certificates that use a hash algorithm not supported by GnuTLS, enabling a remote DoS through a crash. Affected component: GnuTLS ...

5CVSS6.5AI score0.01545EPSS
CVE
CVE
added 2008/05/21 10:0 a.m.77 views

CVE-2008-1948

CVE-2008-1948 affects GnuTLS before 2.2.4. The _gnutls_server_name_recv_params function in libext_server_name.c within libgnutls/gnutls-serv mishandles the Server Names count in TLS 1.0 Client Hello extensions, causing a buffer overflow in session resumption data and potentially a crash or arbitr...

10CVSS8AI score0.12018EPSS
CVE
CVE
added 2014/06/10 2:0 p.m.77 views

CVE-2014-3465

CVE-2014-3465 affects GnuTLS, specifically gnutls_x509_dn_oid_name in lib/x509/common.c. In GnuTLS 3.0.x before 3.1.20 and 3.2.x before 3.2.10, processing an X.509 DN with an OID lacking an LDAP description can trigger a NULL pointer dereference via crafted certificates, causing a denial of servi...

5CVSS6.3AI score0.06783EPSS
CVE
CVE
added 2013/11/19 7:0 p.m.75 views

CVE-2013-4487

GnuTLS libdane contains an off-by-one in dane_raw_tlsa that can cause memory corruption/DoS when a DNS response includes more than four DANE entries. Affected: GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6; root cause tied to incomplete fix for CVE-2013-4466. Remediation: upgrade to 3.1.16 or...

5CVSS6.4AI score0.0192EPSS
CVE
CVE
added 2008/08/08 7:0 p.m.74 views

CVE-2008-2377

CVE-2008-2377 is a use-after-free in GNU TLS: the _gnutls_handshake_hash_buffers_clear function in libgnutls (GnuTLS 2.3.5–2.4.0) can allow a remote attacker to crash the service or potentially run arbitrary code during TLS handshakes, due to improper handling of a deallocated libgcrypt handle. A...

7.6CVSS7.8AI score0.05457EPSS
CVE
CVE
added 2008/05/21 10:0 a.m.66 views

CVE-2008-1949

CVE-2008-1949 affects the GnuTLS stack (libgnutls in gnutls-serv). The flaw is in _gnutls_recv_client_kx_message, which can erroneously continue processing Client Hello messages within a TLS record after one has been handled, causing a NULL dereference and a crash (denial of service). Affected co...

9.3CVSS6.1AI score0.05772EPSS
CVE
CVE
added 2009/04/30 8:0 p.m.66 views

CVE-2009-1415

CVE-2009-1415 affects GnuTLS up to version 2.6.5 (fixed in 2.6.6). The flaw resides in lib/pk-libgcrypt.c within libgnutls, which mishandles invalid DSA signatures. A malformed DSA key can trigger a denial of service (application crash) and may cause additional impact, including a free of an unin...

4.3CVSS7AI score0.07922EPSS
CVE
CVE
added 2009/04/30 8:0 p.m.62 views

CVE-2009-1417

CVE-2009-1417 concerns gnutls-cli in GnuTLS prior to 2.6.6, where the time checks for X.509 certificates are not performed in _gnutls_x509_verify_certificate. This allows a remote attacker to present a certificate that is not yet valid or has expired, with downstream impact on affected apps (Exim...

5CVSS6.4AI score0.01428EPSS
CVE
CVE
added 2009/04/30 8:0 p.m.61 views

CVE-2009-1416

GnuTLS CVE-2009-1416 affects GnuTLS 2.5.0–2.6.5: libgnutls/libgnutls_pk.c generates RSA keys and stores them in DSA structures, enabling remote attackers to spoof certificate signatures or cause unspecified impact via an invalid DSA key. Connected documents reference CVE IDs and advisories; no im...

7.5CVSS6.6AI score0.03901EPSS
CVE
CVE
added 2005/10/25 4:0 a.m.57 views

CVE-2004-2531

X.509 certificate verification in GnuTLS 1.0.16 can be exploited by sending RSA certificates with very large modulus/exponent values to cause resource exhaustion and a denial of service. The CERT advisory notes cross‑vendor impact and that patches/updates have been released by vendors; apply the ...

7.8CVSS6.7AI score0.01685EPSS
CVE
CVE
added 2012/03/13 10:0 p.m.57 views

CVE-2012-1663

CVE-2012-1663 describes a double-free vulnerability in libgnutls (GnuTLS) before 3.0.14, allowing remote attackers to cause a denial of service (application crash) or potentially other impact via a crafted certificate list. Public references show exploits and advisories: exploitation activity exi...

7.5CVSS7.4AI score0.05236EPSS
Web
CVE
CVE
added 2026/05/07 12:0 p.m.50 views

CVE-2026-42010

CVE-2026-42010 affects gnutls where servers using RSA-PSK incorrectly match usernames containing a NUL character, causing truncation and an authentication bypass. A remote attacker could exploit by sending a crafted username to gain unauthorized access. Connected advisories confirm a patch: Root ...

9.8CVSS5.8AI score0.0105EPSS
CVE
CVE
added 2026/05/18 12:44 p.m.39 views

CVE-2026-42009

CVE-2026-42009 affects the GnuTLS library, where DTLS packet reordering uses a comparator that mishandles duplicate sequence numbers. This can cause unstable DTLS packet ordering or undefined behavior, leading to a denial of service. The vulnerability is described consistently across NVD entries ...

7.5CVSS5.8AI score0.01335EPSS
CVE
CVE
added 2026/04/30 5:41 p.m.36 views

CVE-2026-3832

CVE-2026-3832 affects the gnutls library. A logic error in processing multi-record OCSP responses during TLS handshakes can cause a client with OCSP verification enabled to incorrectly accept a revoked server certificate, potentially compromising trust. The available documents describe the vulner...

3.7CVSS5.4AI score0.0072EPSS
CVE
CVE
added 2026/04/30 5:37 p.m.29 views

CVE-2026-3833

Technical details for CVE-2026-3833 are not publicly available in the provided documents; OpenSUSE/PTSecurity entries reference fixes but do not expose affected components, impact, or mitigation here. Monitor for updates.

7.4CVSS5.3AI score0.00566EPSS
CVE
CVE
added 2026/04/09 6:0 p.m.27 views

CVE-2026-1584

The CVE-2026-1584 entry concerns gnutls. A remote, unauthenticated attacker can trigger a NULL pointer dereference during TLS via a crafted ClientHello that has an invalid PSK binder, causing a server crash and remote DoS. Connected documents confirm this vulnerability across multiple sources (NV...

7.5CVSS5.9AI score0.01382EPSS
Total number of security vulnerabilities74