Search CVE reports
1 – 10 of 19 results
Some fixes available 5 of 8
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
3 affected packages
gnutls28, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls28 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
Some fixes available 11 of 12
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to...
2 affected packages
gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls11 | — | — | — | — |
| gnutls12 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
Some fixes available 25 of 34
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier,...
10 affected packages
apache2, gnutls12, gnutls13, gnutls26, libapache-mod-ssl...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | — | — | — | — |
| gnutls12 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| libapache-mod-ssl | — | — | — | — |
| nss | — | — | — | — |
| openjdk-6 | — | — | — | — |
| openjdk-6b18 | — | — | — | — |
| openssl | — | — | — | — |
| sun-java6 | — | — | — | — |
Some fixes available 5 of 6
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls11 | — | — | — | — |
| gnutls12 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers...
6 affected packages
gnutls12, gnutls13, gnutls26, nss, openjdk-6, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls12 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| nss | — | — | — | — |
| openjdk-6 | — | — | — | — |
| openssl | — | — | — | — |
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid,...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls11 | — | — | — | — |
| gnutls12 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |