Search CVE reports
1 – 10 of 52 results
CVE-2021-4209
Low prioritySome fixes available 3 of 5
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gnutls28 | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2019-3836
Medium priorityIt was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Not affected | Not affected |
CVE-2019-3829
Medium priorityA vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Fixed | Not affected |
CVE-2018-16868
Low prioritySome fixes available 9 of 13
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | Not in release | Not in release | Not in release | Not in release |
| gnutls28 | — | Fixed | Fixed | Ignored | Ignored |
CVE-2018-10846
Medium prioritySome fixes available 2 of 3
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gnutls28 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-10845
Medium prioritySome fixes available 2 of 3
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gnutls28 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-10844
Medium prioritySome fixes available 2 of 3
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | Not in release | Not in release | Not in release | Not in release | Not in release |
| gnutls28 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2017-7507
Medium priorityGnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Fixed | Fixed |
CVE-2017-7869
Low prioritySome fixes available 4 of 6
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | — | Not in release | Not in release | Not in release |
| gnutls28 | — | — | Not affected | Not affected | Fixed |
CVE-2017-5337
Medium prioritySome fixes available 9 of 10
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Fixed | Fixed |