GNU GnuTLS 3.6.13

CPE Details

GNU GnuTLS 3.6.13
gnu
gnutls
3.6.13
2020-06-08
11h48 +00:00
2020-06-08
11h48 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:gnutls:3.6.13:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

gnutls

Version

3.6.13

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-0553 2024-01-16 11h40 +00:00 A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
7.5
High
CVE-2021-4209 2022-08-24 13h07 +00:00 A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
6.5
Medium
CVE-2022-2509 2022-08-01 12h01 +00:00 A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
7.5
High
CVE-2021-20232 2021-03-12 17h25 +00:00 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
9.8
Critical
CVE-2021-20231 2021-03-12 17h23 +00:00 A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
9.8
Critical
CVE-2020-24659 2020-09-04 12h03 +00:00 An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
7.5
High
CVE-2020-13777 2020-06-04 05h01 +00:00 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
7.4
High
CVE-2009-1390 2009-06-16 18h26 +00:00 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
6.8
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.