GNU GnuTLS 3.8.1

CPE Details

GNU GnuTLS 3.8.1
gnu
gnutls
3.8.1
2024-01-23
16h59 +00:00
2024-01-23
16h59 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:gnu:gnutls:3.8.1:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

gnutls

Version

3.8.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-0567 2024-01-16 14h01 +00:00 A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
7.5
Haute
CVE-2024-0553 2024-01-16 11h40 +00:00 A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
7.5
Haute
CVE-2009-1390 2009-06-16 18h26 +00:00 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
6.8