CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2018-10845 – gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant
https://notcve.org/view.php?id=CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. Se ha detectado que la implementación GnuTLS de HMAC-SHA-384 era vulnerable a un ataque de estilo Lucky Thirteen. Los atacantes remotos podrían utilizar este fallo para realizar ataques de distinción y de recuperación en texto plano mediante análisis estadísticos de datos temporales mediante paquetes manipulados. It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. • http://www.securityfocus.com/bid/105138 https://access.redhat.com/errata/RHSA-2018:3050 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845 https://eprint.iacr.org/2018/747 https://gitlab.com/gnutls/gnutls/merge_requests/657 https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ https://lists.fedor • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4456
https://notcve.org/view.php?id=CVE-2016-4456
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. La variable de entorno "GNUTLS_KEYLOGFILE" en gnutls 3.4.12 permite que atacantes remotos sobrescriban y corrompan archivos arbitrarios en el sistema de archivos. • http://www.openwall.com/lists/oss-security/2016/06/07/6 https://bugzilla.redhat.com/show_bug.cgi?id=1343505 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 28%CPEs: 1EXPL: 0CVE-2017-7507 – gnutls: Crash upon receiving well-formed status_request extension
https://notcve.org/view.php?id=CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. GnuTLS versión 3.5.12 y anteriores, es vulnerable a una desreferencia del puntero NULL durante la descodificación de una extensión TLS de respuesta de estado con contenido válido. Esto podría conllevar a un bloqueo de la aplicación del servidor GnuTLS. A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. • http://www.debian.org/security/2017/dsa-3884 http://www.securityfocus.com/bid/99102 https://access.redhat.com/errata/RHSA-2017:2292 https://www.gnutls.org/security.html#GNUTLS-SA-2017-4 https://access.redhat.com/security/cve/CVE-2017-7507 https://bugzilla.redhat.com/show_bug.cgi?id=1454621 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7869 – gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)
https://notcve.org/view.php?id=CVE-2017-7869
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. GnuTLS en versiones anteriores a 20-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de entero y desbordamiento de búfer basado en memoria dinámica en relación con la función cdk_pkt_read en opencdk/read-packet.c. Este problema (que es un subconjunto del informe GNUTLS-SA-2017-3 del proveedor) se fija en 3.5.10. • http://www.securityfocus.com/bid/97040 https://access.redhat.com/errata/RHSA-2017:2292 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe https://www.gnutls.org/security.html https://access.redhat.com/security/cve/CVE-2017-7869 https://bugzilla.redhat.com/show_bug.cgi?id=1443033 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0CVE-2017-5335 – gnutls: Out of memory while parsing crafted OpenPGP certificate
https://notcve.org/view.php?id=CVE-2017-5335
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. Las funciones de lectura de flujo en lib/opencdk/read-packet.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a atacantes remotos provocar una denegación de servicio (fallo de memoria y error) Certificado OpenPGP. • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2017-0574.html http://www.openwall.com/lists/oss-security/2017/01/10/7 http://www.openwall.com/lists/oss-security/2017/01/11/4 http://www.securityfocus.com/bid/95374 http://www.securitytracker.com/id/1037576 https://access.redhat.com/errata/RHSA-2017:2292 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 https://gitlab.com/gnutls/gnutls/commit/ • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •