Gnu

Gnutls

68 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2015-3308

  • EPSS 1.39%
  • Veröffentlicht 02.09.2015 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

5

CVE-2015-6251

  • EPSS 6.69%
  • Veröffentlicht 24.08.2015 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

4.3

CVE-2014-8155

  • EPSS 0.29%
  • Veröffentlicht 14.08.2015 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

5

CVE-2015-0282

  • EPSS 0.27%
  • Veröffentlicht 24.03.2015 17:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

5

CVE-2014-8564

  • EPSS 0.81%
  • Veröffentlicht 13.11.2014 21:32:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptograp...

5

CVE-2014-3465

  • EPSS 0.63%
  • Veröffentlicht 10.06.2014 14:55:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP d...

5

CVE-2014-3469

  • EPSS 4.68%
  • Veröffentlicht 05.06.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

7.5

CVE-2014-3468

  • EPSS 6.27%
  • Veröffentlicht 05.06.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

5

CVE-2014-3467

  • EPSS 6.62%
  • Veröffentlicht 05.06.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

6.8

CVE-2014-3466

Exploit
  • EPSS 20.75%
  • Veröffentlicht 03.06.2014 14:55:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code...