Product:

Gnutls

(Gnu)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 67
Date Id Summary Products Score Patch Annotated
2025-07-10 CVE-2025-32989 A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not... Gnutls, Enterprise_linux, Openshift_container_platform N/A
2025-07-10 CVE-2025-32990 A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. Gnutls, Enterprise_linux, Openshift_container_platform 8.2
2023-02-15 CVE-2023-0361 A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data... Debian_linux, Fedora, Gnutls, Active_iq_unified_manager, Converged_systems_advisor_agent, Ontap_select_deploy_administration_utility, Enterprise_linux 7.4
2020-06-04 CVE-2020-13777 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. Ubuntu_linux, Debian_linux, Fedora, Gnutls 7.4
2020-09-04 CVE-2020-24659 An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. Ubuntu_linux, Fedora, Gnutls, Leap 7.5
2021-03-12 CVE-2021-20231 A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Fedora, Gnutls, Active_iq_unified_manager, E\-Series_performance_analyzer, Enterprise_linux 9.8
2021-03-12 CVE-2021-20232 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Fedora, Gnutls, Enterprise_linux 9.8
2022-08-01 CVE-2022-2509 A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Debian_linux, Fedora, Gnutls, Enterprise_linux 7.5
2022-08-24 CVE-2021-4209 A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Gnutls, Active_iq_unified_manager, Hci_bootstrap_os, Solidfire_\&_hci_management_node, Enterprise_linux 6.5
2023-11-28 CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Fedora, Gnutls, Linux 5.9