VYPR

rpm package

opensuse/gnutls&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweed

Vulnerabilities (50)

  • CVE-2014-0092Mar 7, 2014
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

  • CVE-2012-1573Mar 26, 2012
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated

  • CVE-2012-1569Mar 26, 2012
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application

  • CVE-2012-0390Jan 6, 2012
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel a

  • CVE-2011-4128Dec 8, 2011
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via

  • CVE-2008-4989MedNov 13, 2008
    affected < 3.4.15-1.1fixed 3.4.15-1.1

    The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate

  • CVE-2008-1950May 21, 2008
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Clie

  • CVE-2008-1949May 21, 2008
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL

  • CVE-2008-1948May 21, 2008
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a de

  • CVE-2006-4790Sep 14, 2006
    affected < 3.7.2-1.2fixed 3.7.2-1.2

    verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents

Page 3 of 3