Mod Gnutls Security Vulnerabilities and Issues — Mod Gnutls CVE List

Lucene search

Mod Gnutls ProjectMod Gnutls

6 matches found

CVE•added 2019/03/27 6:29 p.m.•190 views

CVE-2019-3829

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

7.5CVSS6.2AI score0.04071EPSS

CVE•added 2019/04/01 3:29 p.m.•186 views

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

7.5CVSS6.2AI score0.00482EPSS

CVE•added 2017/06/16 7:29 p.m.•170 views

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

7.5CVSS7.2AI score0.00611EPSS

CVE•added 2020/01/27 4:15 p.m.•140 views

CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

7.5CVSS7.3AI score0.00584EPSS

CVE•added 2023/02/23 10:15 p.m.•49 views

CVE-2023-25824

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This cou...

7.5CVSS7.4AI score0.00392EPSS

CVE•added 2018/02/03 3:29 p.m.•33 views

CVE-2009-5144

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.

7.5CVSS7.3AI score0.00163EPSS