Search for packages
| purl | pkg:deb/ubuntu/gnutls26@2.12.14-5ubuntu3.11 |
| Next non-vulnerable version | 2.12.23-12ubuntu2.8 |
| Latest non-vulnerable version | 2.12.23-12ubuntu2.8 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13xf-5uk1-aaaa
Aliases: CVE-2014-1959 |
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. |
Affected by 11 other vulnerabilities. |
|
VCID-2hsg-g1y2-aaaj
Aliases: CVE-2017-5336 |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
Affected by 1 other vulnerability. |
|
VCID-2zab-6bzp-aaae
Aliases: CVE-2015-7575 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
Affected by 5 other vulnerabilities. |
|
VCID-3cjv-9a1e-aaae
Aliases: CVE-2014-3466 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. |
Affected by 9 other vulnerabilities. |
|
VCID-aycq-csac-aaaf
Aliases: CVE-2017-5335 |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. |
Affected by 1 other vulnerability. |
|
VCID-dnrm-mtb4-aaah
Aliases: CVE-2016-8610 |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. |
Affected by 1 other vulnerability. |
|
VCID-dv9u-5h4j-aaae
Aliases: CVE-2015-8313 |
GnuTLS incorrectly validates the first byte of padding in CBC modes |
Affected by 6 other vulnerabilities. |
|
VCID-hsq5-y6va-aaae
Aliases: CVE-2013-1619 |
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. |
Affected by 13 other vulnerabilities. |
|
VCID-qyus-ebpw-aaaq
Aliases: CVE-2017-5337 |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
Affected by 1 other vulnerability. |
|
VCID-sj73-kvv9-aaad
Aliases: CVE-2013-2116 |
CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2) |
Affected by 12 other vulnerabilities. |
|
VCID-stcz-2fq5-aaap
Aliases: CVE-2014-0092 |
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. |
Affected by 10 other vulnerabilities. |
|
VCID-uxsr-unmu-aaak
Aliases: CVE-2015-0282 |
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. |
Affected by 7 other vulnerabilities. |
|
VCID-wm9w-3u2d-aaap
Aliases: CVE-2015-0294 |
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. |
Affected by 7 other vulnerabilities. |
|
VCID-zr1z-nugx-aaak
Aliases: CVE-2017-7869 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|