VYPR

Vendor CVEs

mod_gnutls

All CVEs

75 total · sorted by risk
  • CVE-2015-8313Dec 20, 2019
    risk 0.00cvss epss 0.02

    GnuTLS incorrectly validates the first byte of padding in CBC modes

  • CVE-2019-3836Apr 1, 2019
    risk 0.00cvss epss 0.03

    It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

  • CVE-2019-3829Mar 27, 2019
    risk 0.00cvss epss 0.59

    A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

  • CVE-2018-16868Dec 3, 2018
    risk 0.00cvss epss 0.01

    A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in…

  • CVE-2015-3308Sep 2, 2015
    risk 0.00cvss epss 0.04

    Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

  • CVE-2014-8155Aug 14, 2015
    risk 0.00cvss epss 0.01

    GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

  • CVE-2015-0282Mar 24, 2015
    risk 0.00cvss epss 0.01

    GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

  • CVE-2014-8564Nov 13, 2014
    risk 0.00cvss epss 0.03

    The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2)…

  • CVE-2014-1959Mar 7, 2014
    risk 0.00cvss epss 0.03

    lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

  • CVE-2009-5138Mar 7, 2014
    risk 0.00cvss epss 0.02

    GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new…

  • CVE-2013-4487Nov 20, 2013
    risk 0.00cvss epss 0.02

    Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an…

  • CVE-2013-4466Nov 20, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

  • CVE-2013-2116Jul 3, 2013
    risk 0.00cvss epss 0.04

    The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

  • CVE-2012-1573Mar 26, 2012
    risk 0.00cvss epss 0.04

    gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as…

  • CVE-2012-0390Jan 6, 2012
    risk 0.00cvss epss 0.01

    The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel…

  • CVE-2011-4128Dec 8, 2011
    risk 0.00cvss epss 0.02

    Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash)…

  • CVE-2006-7239May 24, 2010
    risk 0.00cvss epss 0.02

    The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer…

  • CVE-2010-0731Mar 26, 2010
    risk 0.00cvss epss 0.03

    The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate…

  • CVE-2009-2409Jul 30, 2009
    risk 0.00cvss epss 0.05

    The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws…

  • CVE-2009-1417Apr 30, 2009
    risk 0.00cvss epss 0.01

    gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the…

  • CVE-2008-1950May 21, 2008
    risk 0.00cvss epss 0.05

    Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted…

  • CVE-2008-1949May 21, 2008
    risk 0.00cvss epss 0.06

    The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service…

  • CVE-2006-4790Sep 14, 2006
    risk 0.00cvss epss 0.02

    verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and…

  • CVE-2005-1431May 3, 2005
    risk 0.00cvss epss 0.02

    The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

  • CVE-2004-2531Dec 31, 2004
    risk 0.00cvss epss 0.02

    X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.

Page 2 of 2