Product:

Gnutls

(Gnu)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 65
Date Id Summary Products Score Patch Annotated
2018-08-22 CVE-2018-10846 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 5.6
2018-12-03 CVE-2018-16868 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. Gnutls 5.6
2022-08-24 CVE-2021-4209 A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Gnutls, Active_iq_unified_manager, Hci_bootstrap_os, Solidfire_\&_hci_management_node, Enterprise_linux 6.5
2014-06-05 CVE-2014-3469 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Debian_linux, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2014-06-05 CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Debian_linux, Arx_firmware, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2014-06-05 CVE-2014-3468 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. Debian_linux, Arx_firmware, Gnutls, Libtasn1, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2017-08-08 CVE-2016-4456 The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. Gnutls N/A
2020-01-27 CVE-2015-0294 GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. Debian_linux, Gnutls, Enterprise_linux N/A
2019-12-20 CVE-2015-8313 GnuTLS incorrectly validates the first byte of padding in CBC modes Debian_linux, Gnutls N/A
2017-04-14 CVE-2017-7869 GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. Gnutls 7.5