Gnutls@1.3.3 Security Vulnerabilities and Issues — Gnutls@1.3.3 CVE List

Lucene search

GnuGnutls1.3.3

9 matches found

cve•added 2012/03/26 7:55 p.m.•180 views

CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

5CVSS8.8AI score0.10039EPSS

cve•added 2006/09/14 7:7 p.m.•97 views

CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correc...

5CVSS6.6AI score0.07729EPSS

cve•added 2009/08/12 10:30 a.m.•76 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate is...

7.5CVSS5.5AI score0.02695EPSS

cve•added 2010/05/24 7:30 p.m.•67 views

CVE-2006-7239

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.

5CVSS6.5AI score0.0027EPSS

cve•added 2008/05/21 1:24 p.m.•64 views

CVE-2008-1950

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message wi...

5CVSS6.1AI score0.10084EPSS

cve•added 2008/05/21 1:24 p.m.•58 views

CVE-2008-1948

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (cr...

10CVSS8AI score0.23881EPSS

cve•added 2008/05/21 1:24 p.m.•50 views

CVE-2008-1949

The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and cr...

9.3CVSS6.1AI score0.15166EPSS

cve•added 2009/04/30 8:30 p.m.•44 views

CVE-2009-1417

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate fu...

5CVSS6.4AI score0.00576EPSS

cve•added 2012/03/13 10:55 p.m.•43 views

CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

7.5CVSS7.4AI score0.01636EPSS