Lucene search

Gnu Gnutls 3.5.0

5 matches found

added 2017/03/24 3:59 p.m., 130 views

CVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

CVSS 9.8, AI score 8.7, EPSS 0.03938

added 2017/03/24 3:59 p.m., 129 views

CVE-2017-5337

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

CVSS 9.8, AI score 8.5, EPSS 0.02809

added 2016/09/27 3:59 p.m., 115 views

CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnu...

CVSS 7.5, AI score 7.3, EPSS 0.00754

added 2017/03/24 3:59 p.m., 107 views

CVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

CVSS 9.8, AI score 8.5, EPSS 0.05592

added 2017/03/24 3:59 p.m., 97 views

CVE-2017-5335

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

CVSS 7.5, AI score 7.9, EPSS 0.03542