63 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. Se encontró una vulnerabilidad en GnuTLS. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.red • CWE-203: Observable Discrepancy •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Se encontró una vulnerabilidad en la que los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/errata/RHSA-2024:0319 https://access.redhat.com/errata/RHSA-2024:0399 https://access.redhat.com/errata/RHSA-2024:0451 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.red • CWE-203: Observable Discrepancy •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. • https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 https://gitlab.com/gnutls/gnutls/-/issues/1306 https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 https://security.netapp.com/advisory/ntap-20220915-0005 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_verify function. • https://access.redhat.com/security/cve/CVE-2022-2509 https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html https://www.debian.org/security/2022/dsa-5203 https://bugzilla.redhat.com/show_bug.cgi?id=2108977 • CWE-415: Double Free •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en la función client_send_params en la biblioteca lib/ext/pre_shared_key.c puede conllevar a una corrupción en la memoria y otras potenciales consecuencias A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922275 https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E https://lists.apach • CWE-416: Use After Free •