Gnutls@1.0.16 Security Vulnerabilities and Issues — Gnutls@1.0.16 CVE List

Lucene search

GnuGnutls1.0.16

7 matches found

CVE•added 2012/03/26 7:55 p.m.•180 views

CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

5CVSS8.8AI score0.10039EPSS

CVE•added 2009/08/12 10:30 a.m.•76 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate is...

7.5CVSS5.5AI score0.02695EPSS

CVE•added 2010/05/24 7:30 p.m.•67 views

CVE-2006-7239

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.

5CVSS6.5AI score0.0027EPSS

CVE•added 2010/03/26 6:30 p.m.•59 views

CVE-2010-0731

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check a...

7.5CVSS6.9AI score0.03085EPSS

CVE•added 2005/10/25 4:0 a.m.•46 views

CVE-2004-2531

X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.

7.8CVSS6.7AI score0.00872EPSS

CVE•added 2009/04/30 8:30 p.m.•44 views

CVE-2009-1417

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate fu...

5CVSS6.4AI score0.00576EPSS

CVE•added 2012/03/13 10:55 p.m.•43 views

CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

7.5CVSS7.4AI score0.01636EPSS