Product:

Gnutls

(Gnu)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 65
Date Id Summary Products Score Patch Annotated
2023-11-28 CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Fedora, Gnutls, Linux 5.9
2024-01-16 CVE-2024-0553 A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. Fedora, Gnutls, Enterprise_linux 7.5
2024-01-16 CVE-2024-0567 A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Debian_linux, Fedora, Gnutls, Active_iq_unified_manager 7.5
2014-06-03 CVE-2014-3466 Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Gnutls N/A
2008-11-13 CVE-2008-4989 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). Ubuntu_linux, Debian_linux, Fedora, Gnutls, Opensuse, Linux_enterprise, Linux_enterprise_server 5.9