VYPR

rpm package

almalinux/gnutls-dane

pkg:rpm/almalinux/gnutls-dane

Vulnerabilities (17)

  • CVE-2025-14831MedFeb 9, 2026
    affected < 3.8.10-3.el10_1fixed 3.8.10-3.el10_1

    A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

  • CVE-2025-9820MedJan 26, 2026
    affected < 3.8.10-3.el10_1fixed 3.8.10-3.el10_1

    A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error c

  • CVE-2025-6395MedJul 10, 2025
    affected < 3.8.9-9.el10_0.14fixed 3.8.9-9.el10_0.14

    A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

  • CVE-2025-32990MedJul 10, 2025
    affected < 3.8.9-9.el10_0.14fixed 3.8.9-9.el10_0.14

    A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory

  • CVE-2025-32989MedJul 10, 2025
    affected < 3.8.9-9.el10_0.14fixed 3.8.9-9.el10_0.14

    A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extensi

  • CVE-2025-32988MedJul 10, 2025
    affected < 3.8.9-9.el10_0.14fixed 3.8.9-9.el10_0.14

    A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure()

  • CVE-2024-12243MedFeb 10, 2025
    affected < 3.6.16-8.el8_10.3fixed 3.6.16-8.el8_10.3

    A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to sen

  • CVE-2024-28834MedMar 21, 2024
    affected < 3.6.16-8.el8_9.3fixed 3.6.16-8.el8_9.3

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noti

  • CVE-2024-28835MedMar 21, 2024
    affected < 3.7.6-23.el9_3.4fixed 3.7.6-23.el9_3.4

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

  • CVE-2024-0567Jan 16, 2024
    affected < 3.7.6-23.el9_3.3fixed 3.7.6-23.el9_3.3

    A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to in

  • CVE-2024-0553Jan 16, 2024
    affected < 3.7.6-23.el9_3.3fixed 3.7.6-23.el9_3.3

    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-

  • CVE-2023-5981Nov 28, 2023
    affected < 3.6.16-8.el8_9fixed 3.6.16-8.el8_9

    A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

  • CVE-2023-0361Feb 15, 2023
    affected < 3.7.6-18.el9_1fixed 3.7.6-18.el9_1

    A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attac

  • CVE-2022-2509Aug 1, 2022
    affected < 3.7.6-12.el9_0fixed 3.7.6-12.el9_0

    A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

  • CVE-2021-3580Aug 5, 2021
    affected < 3.6.16-4.el8fixed 3.6.16-4.el8

    A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

  • CVE-2021-20232Mar 12, 2021
    affected < 3.6.16-4.el8fixed 3.6.16-4.el8

    A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

  • CVE-2021-20231Mar 12, 2021
    affected < 3.6.16-4.el8fixed 3.6.16-4.el8

    A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.