| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-20232 | 416 | | Mem. Corr. | 2021-03-12 | 2021-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. |
| 2 | CVE-2021-20231 | 416 | | Mem. Corr. | 2021-03-12 | 2021-06-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. |
| 3 | CVE-2020-24659 | 787 | | | 2020-09-04 | 2020-10-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. |
| 4 | CVE-2020-13777 | 327 | | Bypass | 2020-06-04 | 2020-06-19 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
| 5 | CVE-2020-11501 | 327 | | | 2020-04-03 | 2021-07-21 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. |
| 6 | CVE-2019-3836 | 824 | | | 2019-04-01 | 2019-05-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. |
| 7 | CVE-2019-3829 | 415 | | Mem. Corr. | 2019-03-27 | 2019-05-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7: a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
| 8 | CVE-2018-16868 | 203 | | | 2018-12-03 | 2020-12-04 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
| 9 | CVE-2018-10846 | 327 | | | 2018-08-22 | 2020-10-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A cache-based side channel in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting was found. An attacker could use a "Just in Time" Prime+Probe attack in combination with a Lucky-13 attack to recover plaintext using crafted packets. |
| 10 | CVE-2018-10845 | 327 | | | 2018-08-22 | 2020-10-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. |
| 11 | CVE-2018-10844 | 327 | | | 2018-08-22 | 2020-10-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. |
| 12 | CVE-2017-7869 | 787 | | Overflow | 2017-04-14 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. |
| 13 | CVE-2017-7507 | 476 | | | 2017-06-16 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. |
| 14 | CVE-2017-5337 | 119 | | Overflow | 2017-03-24 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
| 15 | CVE-2017-5336 | 119 | | Overflow | 2017-03-24 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
| 16 | CVE-2017-5335 | 125 | | DoS | 2017-03-24 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. |
| 17 | CVE-2017-5334 | 415 | | | 2017-03-24 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
| 18 | CVE-2016-7444 | 264 | | Bypass | 2016-09-27 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. |
| 19 | CVE-2015-8313 | 203 | | | 2019-12-20 | 2020-01-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | GnuTLS incorrectly validates the first byte of padding in CBC modes. |
| 20 | CVE-2015-3308 | | | DoS | 2015-09-02 | 2016-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. |
| 21 | CVE-2015-0294 | 295 | | | 2020-01-27 | 2020-01-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None | GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. |
| 22 | CVE-2015-0282 | 310 | | | 2015-03-24 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. |
| 23 | CVE-2014-8155 | 17 | | | 2015-08-14 | 2019-04-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. |
| 24 | CVE-2014-3469 | 476 | | DoS | 2014-06-05 | 2020-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. |
| 25 | CVE-2014-3468 | 131 | | | 2014-06-05 | 2020-11-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. |
| 26 | CVE-2014-3467 | | | DoS | 2014-06-05 | 2020-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. |
| 27 | CVE-2014-3466 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2014-06-03 | 2017-12-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. |
| 28 | CVE-2014-1959 | 264 | | Bypass | 2014-03-07 | 2016-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates. |
| 29 | CVE-2014-0092 | 310 | | | 2014-03-07 | 2016-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. |
| 30 | CVE-2012-1663 | 399 | 1 | DoS | 2012-03-13 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. |
| 31 | CVE-2012-1573 | 310 | | DoS Mem. Corr. | 2012-03-26 | 2018-01-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. |
| 32 | CVE-2012-1569 | 189 | | DoS Mem. Corr. | 2012-03-26 | 2018-01-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. |
| 33 | CVE-2012-0390 | 310 | | Exec Code | 2012-01-06 | 2014-03-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. |
| 34 | CVE-2010-0731 | 119 | | Overflow Bypass | 2010-03-26 | 2017-09-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. |
| 35 | CVE-2009-5138 | 264 | | Bypass | 2014-03-07 | 2014-04-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. |
| 36 | CVE-2009-3555 | 310 | | | 2009-11-09 | 2021-02-05 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. |
| 37 | CVE-2009-2730 | 310 | | | 2009-08-12 | 2018-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. |
| 38 | CVE-2009-2409 | 310 | | | 2009-07-30 | 2018-10-10 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. |
| 39 | CVE-2009-1417 | 310 | | | 2009-04-30 | 2017-08-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None | gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. |
| 40 | CVE-2009-1415 | 255 | | DoS | 2009-04-30 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. |
| 41 | CVE-2008-4989 | 255 | | | 2008-11-13 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). |
| 42 | CVE-2006-7239 | 310 | | DoS | 2010-05-24 | 2010-05-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. |