CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
03 Jun 2014 — The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. Multiple buffer b... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2014-3469 – libtasn1: asn1_read_value_type() NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-3469
03 Jun 2014 — The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. Multiple buffer boundar... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 50%CPEs: 47EXPL: 3CVE-2014-3466 – gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)
https://notcve.org/view.php?id=CVE-2014-3466
02 Jun 2014 — Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Desbordamiento de buffer en la función read_server_hello en lib/gnutls_handshake.c en GnuTLS anterior a 3.1.25, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.4 permite a servidores remotos causar una denegación d... • https://github.com/azet/CVE-2014-3466_PoC • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 1%CPEs: 35EXPL: 0CVE-2014-0092 – gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)
https://notcve.org/view.php?id=CVE-2014-0092
03 Mar 2014 — lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. lib/x509/verify.c en GnuTLS anterior a 3.1.22 y 3.2.x anterior a 3.2.12 no maneja debidamente errores no especificados cuando verifica certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificad... • http://gnutls.org/security.html#GNUTLS-SA-2014-2 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 1CVE-2014-1959 – Mandriva Linux Security Advisory 2014-043
https://notcve.org/view.php?id=CVE-2014-1959
20 Feb 2014 — lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. lib/x509/verify.c en GnuTLS anterior a 3.1.21 y 3.2.x anterior a 3.2.11 trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de... • http://seclists.org/oss-sec/2014/q1/344 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 118EXPL: 2CVE-2013-1619 – gnutls: TLS CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-1619
08 Feb 2013 — The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación de TLS en GnuTLS antes de v2.12.23, v3.0.x antes de v3.0.28, y v3.1.x ... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 93%CPEs: 92EXPL: 1CVE-2012-1573 – gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
https://notcve.org/view.php?id=CVE-2012-1573
26 Mar 2012 — gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. gnutls_cipher.c en libgnutls en GnuTLS antes de v2.12.17 y v3.x antes de v3.0.15 no maneja adecuadamente los datos cifrados con un cifrado de bloques, lo que permite provocar una denegació... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 89%CPEs: 221EXPL: 1CVE-2012-1569 – libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)
https://notcve.org/view.php?id=CVE-2012-1569
26 Mar 2012 — The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. La función asn1_get_length_der en decoding.c en GNU libtasn1 antes de v2.12, tal y como se usa en GnuTLS antes del v3.0.16 y otros productos, no maneja... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 165EXPL: 2CVE-2012-1663 – GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2012-1663
13 Mar 2012 — Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. Vulnerabilidad de doble liberación en libgnutls en GnuTLS antes de 3.0.14 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de una lista de certificados modificados. • https://www.exploit-db.com/exploits/24865 • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 56EXPL: 0CVE-2012-0390
https://notcve.org/view.php?id=CVE-2012-0390
06 Jan 2012 — The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. La implementación DTLS en GnuTLS v3.0.10 y anteriores ejecuta codigo de gestion de errores sólo si existe una relación específica entre la longitud de relleno y el tamaño del texto cifrado, l... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html • CWE-310: Cryptographic Issues •