This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnu First view 2005-05-03
Product Gnutls Last view 2020-09-04
Version 1.0.23 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnu:gnutls

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-09-04 CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

7.4 2020-06-04 CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

7.4 2020-04-03 CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

7.5 2020-01-27 CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

5.9 2019-12-20 CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes

7.5 2019-04-01 CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

7.5 2019-03-27 CVE-2019-3829

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

7.5 2017-06-16 CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

7.5 2017-04-14 CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.

9.8 2017-03-24 CVE-2017-5337

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

9.8 2017-03-24 CVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

7.5 2017-03-24 CVE-2017-5335

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

9.8 2017-03-24 CVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

7.5 2016-09-27 CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

7.5 2015-09-02 CVE-2015-3308

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

4.3 2015-08-14 CVE-2014-8155

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

5 2015-03-24 CVE-2015-0282

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

6.8 2014-06-03 CVE-2014-3466

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

5.8 2014-03-06 CVE-2014-1959

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

5.8 2014-03-06 CVE-2014-0092

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

5.8 2014-03-06 CVE-2009-5138

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

5 2012-03-26 CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

5 2012-03-26 CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

7.5 2012-03-13 CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

4.3 2012-01-05 CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

CWE : Common Weakness Enumeration

%idName
22% (8) CWE-310 Cryptographic Issues
11% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (3) CWE-264 Permissions, Privileges, and Access Controls
8% (3) CWE-189 Numeric Errors
5% (2) CWE-787 Out-of-bounds Write
5% (2) CWE-476 NULL Pointer Dereference
5% (2) CWE-415 Double Free
5% (2) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
5% (2) CWE-255 Credentials Management
2% (1) CWE-416 Use After Free
2% (1) CWE-399 Resource Management Errors
2% (1) CWE-295 Certificate Issues
2% (1) CWE-287 Improper Authentication
2% (1) CWE-203 Information Exposure Through Discrepancy
2% (1) CWE-125 Out-of-bounds Read
2% (1) CWE-17 Code

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-68 Subvert Code-signing Facilities

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78228 GnuTLS DTLS CBC Mode Plaintext Information Disclosure
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection
65202 OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
64890 GnuTLS lib/gnutls_algorithms.c _gnutls_x509_oid2mac_algorithm Function Crafte...
64725 HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte...
64499 ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte...
64040 IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection
63304 GnuTLS Library gnutls_x509_crt_get_serial Function Crafted X.509 Certificate ...
62877 SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje...
62536 Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62273 Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62210 Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In...
62135 Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D...
62064 IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection
61929 IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ...

ExploitDB Exploits

id Description
32964 GnuTLS 2.6.x libgnutls lib/pk-libgcrypt.c Malformed DSA Key Handling Remote DoS
24865 GnuTLS libgnutls Double-free Certificate List Parsing Remote DoS
10579 TLS Renegotiation Vulnerability PoC Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-12 (libtasn1)
File : nvt/glsa_201209_12.nasl
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-08-30 Name : Fedora Update for libtasn1 FEDORA-2012-4357
File : nvt/gb_fedora_2012_4357_libtasn1_fc17.nasl
2012-08-30 Name : Fedora Update for mingw-gnutls FEDORA-2012-4451
File : nvt/gb_fedora_2012_4451_mingw-gnutls_fc17.nasl
2012-08-30 Name : Fedora Update for mingw-libtasn1 FEDORA-2012-4451
File : nvt/gb_fedora_2012_4451_mingw-libtasn1_fc17.nasl
2012-08-30 Name : Fedora Update for mingw-p11-kit FEDORA-2012-4451
File : nvt/gb_fedora_2012_4451_mingw-p11-kit_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-08-03 Name : Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)
File : nvt/gb_mandriva_MDVSA_2012_039.nasl
2012-08-03 Name : Mandriva Update for gnutls MDVSA-2012:040 (gnutls)
File : nvt/gb_mandriva_MDVSA_2012_040.nasl
2012-07-30 Name : CentOS Update for libtasn1 CESA-2012:0427 centos6
File : nvt/gb_CESA-2012_0427_libtasn1_centos6.nasl
2012-07-30 Name : CentOS Update for gnutls CESA-2012:0428 centos5
File : nvt/gb_CESA-2012_0428_gnutls_centos5.nasl
2012-07-30 Name : CentOS Update for gnutls CESA-2012:0429 centos6
File : nvt/gb_CESA-2012_0429_gnutls_centos6.nasl
2012-07-09 Name : RedHat Update for libtasn1 RHSA-2012:0427-01
File : nvt/gb_RHSA-2012_0427-01_libtasn1.nasl
2012-07-09 Name : RedHat Update for gnutls RHSA-2012:0429-01
File : nvt/gb_RHSA-2012_0429-01_gnutls.nasl
2012-05-04 Name : Ubuntu Update for libtasn1-3 USN-1436-1
File : nvt/gb_ubuntu_USN_1436_1.nasl
2012-04-30 Name : Debian Security Advisory DSA 2440-1 (libtasn1-3)
File : nvt/deb_2440_1.nasl
2012-04-30 Name : Debian Security Advisory DSA 2441-1 (gnutls26)
File : nvt/deb_2441_1.nasl
2012-04-30 Name : FreeBSD Ports: gnutls
File : nvt/freebsd_gnutls7.nasl
2012-04-30 Name : FreeBSD Ports: libtasn1
File : nvt/freebsd_libtasn1.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-22 (nginx)
File : nvt/glsa_201203_22.nasl
2012-04-13 Name : Fedora Update for mingw-libtasn1 FEDORA-2012-4417
File : nvt/gb_fedora_2012_4417_mingw-libtasn1_fc15.nasl
2012-04-13 Name : Fedora Update for mingw32-gnutls FEDORA-2012-4417
File : nvt/gb_fedora_2012_4417_mingw32-gnutls_fc15.nasl
2012-04-11 Name : Fedora Update for libtasn1 FEDORA-2012-4308
File : nvt/gb_fedora_2012_4308_libtasn1_fc15.nasl
2012-04-11 Name : Fedora Update for libtasn1 FEDORA-2012-4342
File : nvt/gb_fedora_2012_4342_libtasn1_fc16.nasl
2012-04-11 Name : Fedora Update for gnutls FEDORA-2012-4569
File : nvt/gb_fedora_2012_4569_gnutls_fc15.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0148 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0033794
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

Date Description
2019-09-10 GnuTLS x509 certificate validation policy bypass attempt
RuleID : 50946 - Type : SERVER-OTHER - Revision : 1
2014-07-05 GnuTLS Server Hello Session ID heap overflow attempt
RuleID : 31179 - Type : SERVER-OTHER - Revision : 5
2014-07-05 GnuTLS Server Hello Session ID heap overflow attempt
RuleID : 31178 - Type : SERVER-OTHER - Revision : 5
2014-07-05 GnuTLS Server Hello Session ID heap overflow attempt
RuleID : 31177 - Type : SERVER-OTHER - Revision : 5
2014-07-05 GnuTLS Server Hello Session ID heap overflow attempt
RuleID : 31176 - Type : SERVER-OTHER - Revision : 4
2014-01-10 Free Software Foundation GnuTLS record application integer overflow attempt
RuleID : 24996 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Free Software Foundation GnuTLS record application integer overflow attempt
RuleID : 24995 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0015.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0016.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0038.nasl - Type: ACT_GATHER_INFO
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote web server is affected by multiple vulnerabilities.
File: nginx_0_7_64.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote host is affected by a MITM vulnerability.
File: fortios_FG-IR-17-137.nasl - Type: ACT_GATHER_INFO
2017-10-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-15.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1203.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1204.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2292.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_gnutls_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2292.nasl - Type: ACT_GATHER_INFO
2017-08-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2292.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7936341c80.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f0d48eabe6.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-824.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1886-1.nasl - Type: ACT_GATHER_INFO
2017-07-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1838-1.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1115.nasl - Type: ACT_GATHER_INFO
2017-06-19 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3884.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3318-1.nasl - Type: ACT_GATHER_INFO
2017-06-12 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1111.nasl - Type: ACT_GATHER_INFO
2017-06-12 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f646217583.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-815.nasl - Type: ACT_GATHER_INFO
2017-04-06 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170321_gnutls_on_SL6_x.nasl - Type: ACT_GATHER_INFO