purl | pkg:deb/ubuntu/gnutls26@2.12.23-12ubuntu2.6 |
Next non-vulnerable version | 2.12.23-12ubuntu2.8 |
Latest non-vulnerable version | 2.12.23-12ubuntu2.8 |
Risk | 3.6 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-zr1z-nugx-aaak (Aliases: CVE-2017-7869) | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-2hsg-g1y2-aaaj | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | CVE-2017-5336 |
VCID-aycq-csac-aaaf | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | CVE-2017-5335 |
VCID-dnrm-mtb4-aaah | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | CVE-2016-8610 |
VCID-qyus-ebpw-aaaq | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | CVE-2017-5337 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|