Search CVE reports
1 – 10 of 19 results
CVE-2013-1619
Medium prioritySome fixes available 5 of 8
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls13 | — | — | — | — | Not in release |
| gnutls26 | — | — | — | — | Not in release |
| gnutls28 | — | — | — | — | Not affected |
CVE-2012-1573
Medium prioritySome fixes available 11 of 12
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls13 | — | — | — | — | Not in release |
| gnutls26 | — | — | — | — | Not in release |
| gnutls28 | — | — | — | — | Not affected |
CVE-2012-1663
Low priorityDouble free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls13 | — | — | — | — | Not in release |
| gnutls26 | — | — | — | — | Not in release |
| gnutls28 | — | — | — | — | Not affected |
CVE-2012-0390
Medium priorityThe DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
| gnutls28 | — | — | — | — | — |
CVE-2011-4128
Low priorityBuffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to...
2 affected packages
gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2006-7239
Medium priorityThe _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2010-0731
Medium priorityThe gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2009-3555
Medium prioritySome fixes available 25 of 34
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier,...
10 affected packages
apache2, gnutls12, gnutls13, gnutls26, libapache-mod-ssl...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
| libapache-mod-ssl | — | — | — | — | — |
| nss | — | — | — | — | — |
| openjdk-6 | — | — | — | — | — |
| openjdk-6b18 | — | — | — | — | — |
| openssl | — | — | — | — | — |
| sun-java6 | — | — | — | — | — |
CVE-2009-2730
Medium prioritySome fixes available 5 of 6
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2009-2409
Medium priorityThe Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers...
6 affected packages
gnutls12, gnutls13, gnutls26, nss, openjdk-6, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
| nss | — | — | — | — | — |
| openjdk-6 | — | — | — | — | — |
| openssl | — | — | — | — | — |