VulnerableCode Package Details - pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.2

Search for packages

Package details: pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.2

Essentials
History (0)

purl	pkg:deb/ubuntu/gnutls28@3.6.13-2ubuntu1.2

Next non-vulnerable version	3.6.13-2ubuntu1.6
Latest non-vulnerable version	3.6.13-2ubuntu1.6
Risk	4.4

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-9gzv-9r4m-aaab Aliases: CVE-2020-24659 GNUTLS-SA-2020-09-04	An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.	3.6.13-2ubuntu1.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cy4t-gfcb-aaak Aliases: CVE-2021-20231	A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.	3.6.13-2ubuntu1.6 Affected by 0 other vulnerabilities.
VCID-x6hd-tczu-aaaf Aliases: CVE-2021-20232 GNUTLS-SA-2021-03-10	A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.	3.6.13-2ubuntu1.6 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version