VYPR

rpm package

opensuse/gnutls&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweed

Vulnerabilities (50)

  • CVE-2024-12243MedFeb 10, 2025
    affected < 3.8.9-1.1fixed 3.8.9-1.1

    A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to sen

  • CVE-2024-12133MedFeb 10, 2025
    affected < 3.8.9-1.1fixed 3.8.9-1.1

    A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially craft

  • CVE-2024-28834MedMar 21, 2024
    affected < 3.8.4-1.1fixed 3.8.4-1.1

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noti

  • CVE-2024-28835MedMar 21, 2024
    affected < 3.8.4-1.1fixed 3.8.4-1.1

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

  • CVE-2024-0567Jan 16, 2024
    affected < 3.8.3-1.1fixed 3.8.3-1.1

    A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to in

  • CVE-2024-0553Jan 16, 2024
    affected < 3.8.3-1.1fixed 3.8.3-1.1

    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-

  • CVE-2023-5981Nov 28, 2023
    affected < 3.8.2-1.1fixed 3.8.2-1.1

    A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

  • CVE-2023-0361Feb 15, 2023
    affected < 3.7.9-1.2fixed 3.7.9-1.2

    A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attac

  • CVE-2022-2509Aug 1, 2022
    affected < 3.7.7-1.1fixed 3.7.7-1.1

    A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

  • CVE-2021-20232Mar 12, 2021
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

  • CVE-2020-13777Jun 4, 2020
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first

  • CVE-2019-3836Apr 1, 2019
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

  • CVE-2019-3829Mar 27, 2019
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

  • CVE-2018-10846MedAug 22, 2018
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

  • CVE-2016-8610HigNov 13, 2017
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amoun

  • CVE-2017-7869HigApr 14, 2017
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.

  • CVE-2015-6251Aug 24, 2015
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

  • CVE-2014-8564Nov 13, 2014
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) ce

  • CVE-2014-3466Jun 3, 2014
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a Se

  • CVE-2014-1959Mar 7, 2014
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.