Gnu

Gnutls

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2023-5981

  • EPSS 0.84%
  • Veröffentlicht 28.11.2023 12:15:07
  • Zuletzt bearbeitet 25.03.2026 20:01:09

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

7.4

CVE-2023-0361

Exploit
  • EPSS 3.62%
  • Veröffentlicht 15.02.2023 18:15:11
  • Zuletzt bearbeitet 19.03.2025 18:15:18

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...

6.5

CVE-2021-4209

  • EPSS 0.37%
  • Veröffentlicht 24.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:37:09

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

7.5

CVE-2022-2509

  • EPSS 0.63%
  • Veröffentlicht 01.08.2022 14:15:09
  • Zuletzt bearbeitet 02.12.2025 21:15:49

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

9.8

CVE-2021-20232

  • EPSS 0.84%
  • Veröffentlicht 12.03.2021 19:15:13
  • Zuletzt bearbeitet 03.12.2025 15:15:48

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

9.8

CVE-2021-20231

Exploit
  • EPSS 1.2%
  • Veröffentlicht 12.03.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:10

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

7.5

CVE-2020-24659

Exploit
  • EPSS 3.63%
  • Veröffentlicht 04.09.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:26

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app...

7.4

CVE-2020-13777

  • EPSS 1.52%
  • Veröffentlicht 04.06.2020 07:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:50

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...

7.4

CVE-2020-11501

  • EPSS 11.49%
  • Veröffentlicht 03.04.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:01

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes...

7.5

CVE-2015-0294

  • EPSS 0.43%
  • Veröffentlicht 27.01.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 02:22:45

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.