GNU GnuTLS 3.6.13

CPE Details

2020-06-08 11h48 +00:00
2020-06-08 11h48 +00:00

CPE Name: cpe:2.3:a:gnu:gnutls:3.6.13:*:*:*:*:*:*:*

Information

Vendor: gnu
Product: gnutls
Version: 3.6.13

Related CVE

CVE ID | Published | Description | Score | Severity
CVE-2024-0553 | 2024-01-16 11h40 +00:00 | A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. | 7.5 | High
CVE-2021-4209 | 2022-08-24 13h07 +00:00 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | 6.5 | Medium
CVE-2022-2509 | 2022-08-01 12h01 +00:00 | A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. | 7.5 | High
CVE-2021-20232 | 2021-03-12 17h25 +00:00 | A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | 9.8 | Critical
CVE-2021-20231 | 2021-03-12 17h23 +00:00 | A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | 9.8 | Critical
CVE-2020-24659 | 2020-09-04 12h03 +00:00 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | 7.5 | High
CVE-2020-13777 | 2020-06-04 05h01 +00:00 | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | 7.4 | High
CVE-2009-1390 | 2009-06-16 18h26 +00:00 | Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |