Gnu

Gnutls

74 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.59%
  • Veröffentlicht 27.01.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 02:22:45

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

  • EPSS 1.69%
  • Veröffentlicht 20.12.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 02:38:16

GnuTLS incorrectly validates the first byte of padding in CBC modes

Exploit
  • EPSS 3.4%
  • Veröffentlicht 01.04.2019 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:39

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

Exploit
  • EPSS 58.97%
  • Veröffentlicht 27.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:37

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is...

  • EPSS 0.57%
  • Veröffentlicht 03.12.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:29

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this ...

  • EPSS 3.62%
  • Veröffentlicht 22.08.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:07

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing dat...

  • EPSS 3.62%
  • Veröffentlicht 22.08.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:07

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data...

  • EPSS 0.39%
  • Veröffentlicht 22.08.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:07

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain ...

  • EPSS 2.2%
  • Veröffentlicht 08.08.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

  • EPSS 3.41%
  • Veröffentlicht 16.06.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.