English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

GNU GnuTLS 3.6.12

CPE Details

GNU GnuTLS 3.6.12
gnu
gnutls
3.6.12
2020-06-08 11:48 +00:00
2020-06-08 11:48 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:gnu:gnutls:3.6.12:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

gnutls

Version

3.6.12

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-0553 2024-01-16 11:40 +00:00 A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
7.5
HIGH
CVE-2021-4209 2022-08-24 13:07 +00:00 A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
6.5
MEDIUM
CVE-2022-2509 2022-08-01 12:01 +00:00 A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
7.5
HIGH
CVE-2021-20232 2021-03-12 17:25 +00:00 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
9.8
CRITICAL
CVE-2021-20231 2021-03-12 17:23 +00:00 A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
9.8
CRITICAL
CVE-2020-24659 2020-09-04 12:03 +00:00 An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
7.5
HIGH
CVE-2020-13777 2020-06-04 05:01 +00:00 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
7.4
HIGH
CVE-2020-11501 2020-04-03 10:42 +00:00 GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
7.4
HIGH
CVE-2009-1390 2009-06-16 18:26 +00:00 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
6.8

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.