CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 1CVE-2024-0553 – Gnutls: incomplete fix for cve-2023-5981
https://notcve.org/view.php?id=CVE-2024-0553
16 Jan 2024 — A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. Se encontró una vulnerabilidad en GnuTLS. • http://www.openwall.com/lists/oss-security/2024/01/19/3 • CWE-203: Observable Discrepancy •
CVSS: 7.4EPSS: 2%CPEs: 10EXPL: 1CVE-2023-0361 – gnutls: timing side-channel in the TLS RSA key exchange code
https://notcve.org/view.php?id=CVE-2023-0361
10 Feb 2023 — A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over tha... • https://access.redhat.com/security/cve/CVE-2023-0361 • CWE-203: Observable Discrepancy •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-4209 – Ubuntu Security Notice USN-5750-1
https://notcve.org/view.php?id=CVE-2021-4209
05 Aug 2022 — A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. • https://access.redhat.com/security/cve/CVE-2021-4209 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2509 – gnutls: Double free during gnutls_pkcs7_verify
https://notcve.org/view.php?id=CVE-2022-2509
01 Aug 2022 — A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_ve... • https://access.redhat.com/security/cve/CVE-2022-2509 • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20232 – gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c
https://notcve.org/view.php?id=CVE-2021-20232
12 Mar 2021 — A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en la función client_send_params en la biblioteca lib/ext/pre_shared_key.c puede conllevar a una corrupción en la memoria y otras potenciales consecuencias A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead ... • https://bugzilla.redhat.com/show_bug.cgi?id=1922275 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-20231 – gnutls: Use after free in client key_share extension
https://notcve.org/view.php?id=CVE-2021-20231
12 Mar 2021 — A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en el cliente que envía la extensión key_share puede conllevar a una corrupción de la memoria y otras consecuencias A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922276 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-24659 – gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent
https://notcve.org/view.php?id=CVE-2020-24659
04 Sep 2020 — An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. Se detectó un problema en GnuTLS versiones anteriores a 3.6.15. Un servidor puede desencadenar una desreferencia del puntero NULL en un cliente T... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 3CVE-2020-13777 – gnutls: session resumption works without master key allowing MITM
https://notcve.org/view.php?id=CVE-2020-13777
04 Jun 2020 — GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. GnuTLS versiones 3.6.x anteriores a 3.6.14, usa una criptografía incorrecta para cifrar un ticket de sesión (una pérdida ... • https://github.com/0xxon/cve-2020-13777 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.4EPSS: 27%CPEs: 6EXPL: 0CVE-2020-11501 – gnutls: DTLS client hello contains a random value of all zeroes
https://notcve.org/view.php?id=CVE-2020-11501
03 Apr 2020 — GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. GnuTLS versiones 3.6.x anteriores a 3.6.13, usa una criptografía incorrecta para DTLS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-3836 – gnutls: invalid pointer access upon receiving async handshake messages
https://notcve.org/view.php?id=CVE-2019-3836
01 Apr 2019 — It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Se descubrió en gnutls, antes de la versión 3.6.7 upstream, que hay un acceso de puntero no inicializado en gnutls, en versiones 3.6.4 o posteriores, que puede desencadenarse por determinados mensajes "post-handshake". A flaw was found in the way gnutls handled malformed TLS 1.3 asynchronous messages. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •