Lucene search

Gnu Gnutls 3.0.3

8 matches found

added 2012/03/26 7:55 p.m., 180 views

CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

CVSS 5, AI score 8.8, EPSS 0.10039

added 2013/02/08 7:55 p.m., 107 views

CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks a...

CVSS 4, AI score 6.8, EPSS 0.01291

added 2012/03/26 7:55 p.m., 74 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted Gener...

CVSS 5, AI score 8.1, EPSS 0.10166

added 2011/12/08 8:55 p.m., 69 views

CVE-2011-4128

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTic...

CVSS 4.3, AI score 8.1, EPSS 0.01319

added 2012/01/06 1:55 a.m., 69 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related is...

CVSS 4.3, AI score 8.4, EPSS 0.01154

added 2014/11/13 9:32 p.m., 66 views

CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing r...

CVSS 5, AI score 6.3, EPSS 0.00812

added 2014/06/10 2:55 p.m., 60 views

CVE-2014-3465

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.

CVSS 5, AI score 6.3, EPSS 0.00736

added 2012/03/13 10:55 p.m., 43 views

CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

CVSS 7.5, AI score 7.4, EPSS 0.01636