rpm package
opensuse/gnutls&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gnutls&distro=openSUSE%20Tumbleweed
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-1950 | — | < 3.7.2-1.2 | 3.7.2-1.2 | May 21, 2008 | Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Clie | ||
| CVE-2008-1949 | — | < 3.7.2-1.2 | 3.7.2-1.2 | May 21, 2008 | The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL | ||
| CVE-2008-1948 | — | < 3.7.2-1.2 | 3.7.2-1.2 | May 21, 2008 | The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a de | ||
| CVE-2006-4790 | — | < 3.7.2-1.2 | 3.7.2-1.2 | Sep 14, 2006 | verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents |
- CVE-2008-1950May 21, 2008affected < 3.7.2-1.2fixed 3.7.2-1.2
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Clie
- CVE-2008-1949May 21, 2008affected < 3.7.2-1.2fixed 3.7.2-1.2
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL
- CVE-2008-1948May 21, 2008affected < 3.7.2-1.2fixed 3.7.2-1.2
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a de
- CVE-2006-4790Sep 14, 2006affected < 3.7.2-1.2fixed 3.7.2-1.2
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents
Page 3 of 3