Search for packages
| purl | pkg:deb/ubuntu/gnutls28@3.2.11-2ubuntu1 |
| Next non-vulnerable version | 3.6.13-2ubuntu1.6 |
| Latest non-vulnerable version | 3.6.13-2ubuntu1.6 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1tdc-hk6v-aaar
Aliases: CVE-2018-10846 |
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. |
Affected by 5 other vulnerabilities. |
|
VCID-1yha-b861-aaam
Aliases: CVE-2018-10845 |
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. |
Affected by 5 other vulnerabilities. |
|
VCID-2hsg-g1y2-aaaj
Aliases: CVE-2017-5336 |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
Affected by 12 other vulnerabilities. |
|
VCID-2q8u-2qmc-aaam
Aliases: CVE-2019-3829 |
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
Affected by 9 other vulnerabilities. |
|
VCID-2zab-6bzp-aaae
Aliases: CVE-2015-7575 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
Affected by 18 other vulnerabilities. |
|
VCID-3cjv-9a1e-aaae
Aliases: CVE-2014-3466 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. |
Affected by 23 other vulnerabilities. |
|
VCID-5m9q-uc3k-aaak
Aliases: CVE-2015-6251 |
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. |
Affected by 19 other vulnerabilities. |
|
VCID-6jvx-nbvu-aaaq
Aliases: CVE-2016-7444 |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. |
Affected by 17 other vulnerabilities. |
|
VCID-9gzv-9r4m-aaab
Aliases: CVE-2020-24659 GNUTLS-SA-2020-09-04 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. |
Affected by 2 other vulnerabilities. |
|
VCID-9ugy-hcxz-aaab
Aliases: CVE-2020-11501 GNUTLS-SA-2020-03-31 |
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. |
Affected by 4 other vulnerabilities. |
|
VCID-asqt-v7tf-aaar
Aliases: CVE-2018-10844 |
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. |
Affected by 5 other vulnerabilities. |
|
VCID-aycq-csac-aaaf
Aliases: CVE-2017-5335 |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. |
Affected by 12 other vulnerabilities. |
|
VCID-c63t-pwx4-aaaj
Aliases: CVE-2014-8564 |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. |
Affected by 21 other vulnerabilities. |
|
VCID-cy4t-gfcb-aaak
Aliases: CVE-2021-20231 |
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. |
Affected by 0 other vulnerabilities. |
|
VCID-dnrm-mtb4-aaah
Aliases: CVE-2016-8610 |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. |
Affected by 16 other vulnerabilities. |
|
VCID-e5m6-uzg2-aaaj
Aliases: CVE-2020-13777 GNUTLS-SA-2020-06-03 |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-f9sc-4new-aaad
Aliases: CVE-2018-16868 |
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
Affected by 5 other vulnerabilities. |
|
VCID-jtkx-8qe5-aaap
Aliases: CVE-2017-7507 |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. |
Affected by 10 other vulnerabilities. |
|
VCID-nj19-8ex6-aaaj
Aliases: CVE-2014-3465 |
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. |
Affected by 22 other vulnerabilities. |
|
VCID-qg7d-asu5-aaad
Aliases: CVE-2017-5334 |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
Affected by 12 other vulnerabilities. |
|
VCID-qyus-ebpw-aaaq
Aliases: CVE-2017-5337 |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
Affected by 12 other vulnerabilities. |
|
VCID-wm9w-3u2d-aaap
Aliases: CVE-2015-0294 |
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. |
Affected by 20 other vulnerabilities. |
|
VCID-x6hd-tczu-aaaf
Aliases: CVE-2021-20232 GNUTLS-SA-2021-03-10 |
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. |
Affected by 0 other vulnerabilities. |
|
VCID-zr1z-nugx-aaak
Aliases: CVE-2017-7869 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-13xf-5uk1-aaaa | lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. |
CVE-2014-1959
|
| VCID-33kz-nn98-aaad | Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. |
CVE-2013-4487
|
| VCID-b913-penc-aaaj | Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. |
CVE-2013-4466
|
| VCID-hsq5-y6va-aaae | The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. |
CVE-2013-1619
|
| VCID-stcz-2fq5-aaap | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. |
CVE-2014-0092
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|