CVE-2014-1959
https://notcve.org/view.php?id=CVE-2014-1959
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. lib/x509/verify.c en GnuTLS anterior a 3.1.21 y 3.2.x anterior a 3.2.11 trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos. • http://seclists.org/oss-sec/2014/q1/344 http://seclists.org/oss-sec/2014/q1/345 http://www.debian.org/security/2014/dsa-2866 http://www.gnutls.org/security.html http://www.securityfocus.com/bid/65559 http://www.ubuntu.com/usn/USN-2121-1 https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4466
https://notcve.org/view.php?id=CVE-2013-4466
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. Desbordamiento de búfer en la función dane_query_tlsa de la librería DANE (libdane) en GnuTLS 3.1.x anterior a la versión 3.1.15 y 3.2.x anterior a 3.2.5 permite en servidores remotos provocar una denegación de servicio (corrupción de memoria) a través de una respuesta que implique más de 4 entradas DANE. • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050 http://www.gnutls.org/security.html#GNUTLS-SA-2013-3 http://www.openwall.com/lists/oss-security/2013/10/25/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4487
https://notcve.org/view.php?id=CVE-2013-4487
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. Error de superación de límite en dane_raw_tlsa en la librería DANE (libdane) de GnuTLS 3.1.x anterior a la versión 3.1.16 y 3.2.x anterior a 3.2.6 permite en servidores remotos provocar una denegación de servicio (corrupción de memoria) a través de una respuesta con más de 4 entradas DANE. NOTA: este problema se debe a una solución incompleta para CVE-2013-4466. • http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html http://www.openwall.com/lists/oss-security/2013/10/31/4 https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc • CWE-189: Numeric Errors •
CVE-2013-2116 – gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)
https://notcve.org/view.php?id=CVE-2013-2116
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. La función _gnutls_ciphertext2compressed en lib/gnutls_cipher.c en GnuTLS 2.12.23, permite a atacantes remotos provocar una denegación de servicio (sobrelectura y caída del búfer) a través de un tamaño manipulado. NOTA: esto podría deberse a una incorrecta corrección del CVE-2013-0169. • http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-0883.html http://secunia.com/advisories/53911 http://secunia.com/advisories/57260 http://secunia.com/advisories/57274 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753 http://thread.gmane.org/gmane.comp.encryptio • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2013-1619 – gnutls: TLS CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-1619
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación de TLS en GnuTLS antes de v2.12.23, v3.0.x antes de v3.0.28, y v3.1.x antes de v3.1.7 no tiene debidamente en cuenta los ataques de tiempo al canal lateral en la operación de comprobación de incumplimiento MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos realizar ataques distintivos y de texto plano ataques de recuperación a través de análisis estadístico de datos de tiempo de los paquetes hechos a mano, una cuestión relacionada con CVE-2013-0169. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html http://openwall.com/lists/oss-security/2013/02/05/24 http://rhn.redhat.com/errata/RHSA-2013-0588.html http://secunia.com/ad • CWE-310: Cryptographic Issues •