VYPR

mod_gnutls

by mod_gnutls

Source repositories

CVEs (75)

  • CVE-2024-12243MedFeb 10, 2025
    risk 0.35cvss 5.3epss 0.01

    A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to…

  • CVE-2024-28834MedMar 21, 2024
    risk 0.35cvss 5.3epss 0.01

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a…

  • CVE-2025-32989MedJul 10, 2025
    risk 0.34cvss 5.3epss 0.01

    A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT…

  • CVE-2024-28835MedMar 21, 2024
    risk 0.33cvss 5.0epss 0.00

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

  • CVE-2026-42015MedMay 26, 2026
    risk 0.27cvss 5.3epss 0.01

    A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could…

  • CVE-2025-14831MedFeb 9, 2026
    risk 0.27cvss 5.3epss 0.01

    A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

  • CVE-2025-9820MedJan 26, 2026
    risk 0.26cvss 4.0epss 0.00

    A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error…

  • CVE-2026-5419LowJun 1, 2026
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This…

  • CVE-2026-3832LowApr 30, 2026
    risk 0.17cvss 3.7epss 0.01

    A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with…

  • CVE-2009-1415Apr 30, 2009
    risk 0.04cvss epss 0.08

    lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of…

  • CVE-2012-1663Mar 13, 2012
    risk 0.03cvss epss 0.05

    Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

  • CVE-2015-6251Aug 24, 2015
    risk 0.02cvss epss 0.19

    Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

  • CVE-2014-0092Mar 7, 2014
    risk 0.02cvss epss 0.30

    lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

  • CVE-2014-3465Jun 10, 2014
    risk 0.01cvss epss 0.07

    The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when…

  • CVE-2014-3466Jun 3, 2014
    risk 0.01cvss epss 0.11

    Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a…

  • CVE-2013-1619Feb 8, 2013
    risk 0.01cvss epss 0.06

    The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct…

  • CVE-2008-1948May 21, 2008
    risk 0.01cvss epss 0.12

    The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a…

  • CVE-2026-33308Mar 24, 2026
    risk 0.00cvss epss 0.00

    Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a…

  • CVE-2026-33307Mar 24, 2026
    risk 0.00cvss epss 0.00

    Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of…

  • CVE-2024-0567Jan 16, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to…