rpm package
suse/gnutls&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10846 | — | < 3.2.15-18.6.1 | 3.2.15-18.6.1 | Aug 22, 2018 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. | ||
| CVE-2018-10845 | — | < 3.2.15-18.6.1 | 3.2.15-18.6.1 | Aug 22, 2018 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. | ||
| CVE-2018-10844 | — | < 3.2.15-18.6.1 | 3.2.15-18.6.1 | Aug 22, 2018 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. | ||
| CVE-2016-8610 | Hig | 7.5 | < 3.2.15-16.1 | 3.2.15-16.1 | Nov 13, 2017 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amoun | |
| CVE-2017-10790 | Hig | 7.5 | < 3.2.15-18.6.1 | 3.2.15-18.6.1 | Jul 2, 2017 | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. | |
| CVE-2017-7507 | Hig | 7.5 | < 3.2.15-18.3.1 | 3.2.15-18.3.1 | Jun 16, 2017 | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | |
| CVE-2017-7869 | Hig | 7.5 | < 3.2.15-18.3.1 | 3.2.15-18.3.1 | Apr 14, 2017 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | |
| CVE-2017-5337 | Cri | 9.8 | < 3.2.15-16.1 | 3.2.15-16.1 | Mar 24, 2017 | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |
| CVE-2017-5336 | Cri | 9.8 | < 3.2.15-16.1 | 3.2.15-16.1 | Mar 24, 2017 | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | |
| CVE-2017-5335 | Hig | 7.5 | < 3.2.15-16.1 | 3.2.15-16.1 | Mar 24, 2017 | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | |
| CVE-2016-7444 | Hig | 7.5 | < 3.2.15-16.1 | 3.2.15-16.1 | Sep 27, 2016 | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailin |
- CVE-2018-10846Aug 22, 2018affected < 3.2.15-18.6.1fixed 3.2.15-18.6.1
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
- CVE-2018-10845Aug 22, 2018affected < 3.2.15-18.6.1fixed 3.2.15-18.6.1
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
- CVE-2018-10844Aug 22, 2018affected < 3.2.15-18.6.1fixed 3.2.15-18.6.1
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
- affected < 3.2.15-16.1fixed 3.2.15-16.1
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amoun
- affected < 3.2.15-18.6.1fixed 3.2.15-18.6.1
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
- affected < 3.2.15-18.3.1fixed 3.2.15-18.3.1
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
- affected < 3.2.15-18.3.1fixed 3.2.15-18.3.1
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
- affected < 3.2.15-16.1fixed 3.2.15-16.1
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
- affected < 3.2.15-16.1fixed 3.2.15-16.1
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
- affected < 3.2.15-16.1fixed 3.2.15-16.1
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
- affected < 3.2.15-16.1fixed 3.2.15-16.1
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailin