Gnutls@2.6.3 Security Vulnerabilities and Issues — Gnutls@2.6.3 CVE List

Lucene search

GnuGnutls2.6.3

8 matches found

cve•added 2012/03/26 7:55 p.m.•180 views

CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

5CVSS8.8AI score0.10039EPSS

cve•added 2013/02/08 7:55 p.m.•107 views

CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks a...

4CVSS6.8AI score0.01291EPSS

cve•added 2009/08/12 10:30 a.m.•76 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate is...

7.5CVSS5.5AI score0.02695EPSS

cve•added 2012/03/26 7:55 p.m.•74 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted Gener...

5CVSS8.1AI score0.10166EPSS

cve•added 2012/01/06 1:55 a.m.•69 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related is...

4.3CVSS8.4AI score0.01154EPSS

cve•added 2009/04/30 8:30 p.m.•50 views

CVE-2009-1416

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

7.5CVSS6.6AI score0.05344EPSS

cve•added 2009/04/30 8:30 p.m.•44 views

CVE-2009-1417

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate fu...

5CVSS6.4AI score0.00576EPSS

cve•added 2012/03/13 10:55 p.m.•43 views

CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

7.5CVSS7.4AI score0.01636EPSS