Search for packages
| purl | pkg:deb/ubuntu/gnutls28@3.5.3-3ubuntu1 |
| Next non-vulnerable version | 3.6.13-2ubuntu1.6 |
| Latest non-vulnerable version | 3.6.13-2ubuntu1.6 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1tdc-hk6v-aaar
Aliases: CVE-2018-10846 |
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. |
Affected by 5 other vulnerabilities. |
|
VCID-1yha-b861-aaam
Aliases: CVE-2018-10845 |
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. |
Affected by 5 other vulnerabilities. |
|
VCID-2hsg-g1y2-aaaj
Aliases: CVE-2017-5336 |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
Affected by 12 other vulnerabilities. |
|
VCID-2q8u-2qmc-aaam
Aliases: CVE-2019-3829 |
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
Affected by 9 other vulnerabilities. |
|
VCID-6jvx-nbvu-aaaq
Aliases: CVE-2016-7444 |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. |
Affected by 17 other vulnerabilities. |
|
VCID-9gzv-9r4m-aaab
Aliases: CVE-2020-24659 GNUTLS-SA-2020-09-04 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. |
Affected by 2 other vulnerabilities. |
|
VCID-9ugy-hcxz-aaab
Aliases: CVE-2020-11501 GNUTLS-SA-2020-03-31 |
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. |
Affected by 4 other vulnerabilities. |
|
VCID-asqt-v7tf-aaar
Aliases: CVE-2018-10844 |
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. |
Affected by 5 other vulnerabilities. |
|
VCID-aycq-csac-aaaf
Aliases: CVE-2017-5335 |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. |
Affected by 12 other vulnerabilities. |
|
VCID-cy4t-gfcb-aaak
Aliases: CVE-2021-20231 |
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. |
Affected by 0 other vulnerabilities. |
|
VCID-dnrm-mtb4-aaah
Aliases: CVE-2016-8610 |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. |
Affected by 16 other vulnerabilities. |
|
VCID-e5m6-uzg2-aaaj
Aliases: CVE-2020-13777 GNUTLS-SA-2020-06-03 |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-f9sc-4new-aaad
Aliases: CVE-2018-16868 |
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
Affected by 5 other vulnerabilities. |
|
VCID-jtkx-8qe5-aaap
Aliases: CVE-2017-7507 |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. |
Affected by 10 other vulnerabilities. |
|
VCID-qg7d-asu5-aaad
Aliases: CVE-2017-5334 |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
Affected by 12 other vulnerabilities. |
|
VCID-qyus-ebpw-aaaq
Aliases: CVE-2017-5337 |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
Affected by 12 other vulnerabilities. |
|
VCID-x6hd-tczu-aaaf
Aliases: CVE-2021-20232 GNUTLS-SA-2021-03-10 |
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. |
Affected by 0 other vulnerabilities. |
|
VCID-zr1z-nugx-aaak
Aliases: CVE-2017-7869 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|