CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2017-5334 – gnutls: Double-free while decoding crafted X.509 certificates
https://notcve.org/view.php?id=CVE-2017-5334
13 Jan 2017 — Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. La vulnerabilidad de liberación doble en la función gnutls_x509_ext_import_proxy de GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permite a los atacantes remotos tener un impacto no especificado a ... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 0CVE-2017-5335 – gnutls: Out of memory while parsing crafted OpenPGP certificate
https://notcve.org/view.php?id=CVE-2017-5335
13 Jan 2017 — The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. Las funciones de lectura de flujo en lib/opencdk/read-packet.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a atacantes remotos provocar una denegación de servicio (fallo de memoria y error) Certificado OpenPGP. Stefan Buehler discovered tha... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5336 – gnutls: Stack overflow in cdk_pk_get_keyid
https://notcve.org/view.php?id=CVE-2017-5336
13 Jan 2017 — Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. El desbordamiento de búfer basado en la pila en la función cdk_pk_get_keyid en lib/opencdk/pubkey.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permite a atacantes remotos tener un impacto no especificado a través de un certificado OpenPGP manipulado. Ste... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5337 – gnutls: Heap read overflow in read-packet.c
https://notcve.org/view.php?id=CVE-2017-5337
13 Jan 2017 — Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Múltiples desbordamientos de búfer basados en memoria dinámica en la función read_attribute en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a los atacantes remotos tener un impacto no especificado a través de un certificado OpenPGP manipulado. Stefan Buehler discovere... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7444 – gnutls: Incorrect certificate validation when using OCSP responses (GNUTLS-SA-2016-3)
https://notcve.org/view.php?id=CVE-2016-7444
27 Sep 2016 — The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. La función gnutls_ocsp_resp_check_crt en lib/x509/ocsp.c en GnuTLS en versiones anteriores a 3.4.15 y 3.5.x en versiones anteriores a 3.5.4 no verifica la longitud de serie de una respuesta OCSP, lo qu... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 0CVE-2015-6251 – Ubuntu Security Notice USN-2727-1
https://notcve.org/view.php?id=CVE-2015-6251
24 Aug 2015 — Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Vulnerabilidad de liberación doble en GnuTLS en versiones anteriores a la 3.3.17 y 3.4.x versiones anteriores a 3.4.4, permite a atacantes remotos causar una denegación de servicio a través de una entrada DistinguishedName (DN) de gran longitud en un certificado. It was discovered that GnuTLS incorrectly handled parsing CRL di... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3308 – Ubuntu Security Notice USN-2727-1
https://notcve.org/view.php?id=CVE-2015-3308
22 Jun 2015 — Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. Vulnerabilidad de liberación doble en lib/x509/x509_ext.c en GnuTLS en versiones anteriores a 3.3.14, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un punto de distribución CRL manipulado. It was discovered that GnuTLS incorrect... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0294 – gnutls: certificate algorithm consistency checking issue
https://notcve.org/view.php?id=CVE-2015-0294
16 Mar 2015 — GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. GnuTLS versiones anteriores a 3.3.13, no comprueba que los algoritmos de firma coincidan cuando se importa un certificado. It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. The GnuTLS library provides support for crypto... • http://www.debian.org/security/2015/dsa-3191 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 99EXPL: 0CVE-2014-8564 – gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)
https://notcve.org/view.php?id=CVE-2014-8564
11 Nov 2014 — The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. La función _gnutls_ecc_ansi_x963_export en gnutls_ecc.c en GnuTLS 3.x anterior a 3.1.28, 3.2.x anterior a 3.2.20, y 3.3.x anterior a 3.3.10 permite a atacantes remotos... • http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html • CWE-122: Heap-based Buffer Overflow CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 6%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
03 Jun 2014 — The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. Multiple buffer b... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •