CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:gnu:gnutls:3.6.15:*:*:*:*:*:*:*
Informations
Vendor
gnuProduct
gnutlsVersion
3.6.15Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. | 7.5 |
HIGH |
||
| A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | 6.5 |
MEDIUM |
||
| A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | 7.5 |
HIGH |
||
| A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | 9.8 |
CRITICAL |
||
| A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | 9.8 |
CRITICAL |
||
| Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |
2024©
tesweb SA
