Vulnerabilities related to gnu - gnutls
Vulnerability from fkie_nvd
Published
2021-03-12 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux | 8.0 | |
fedoraproject | fedora | 34 | |
netapp | active_iq_unified_manager | - | |
netapp | e-series_performance_analyzer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "66BC7206-28E1-4A23-9701-78ABEA79D0C5", "versionEndExcluding": "3.7.1", "versionStartIncluding": "3.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences." 
}, { "lang": "es", "value": "Se encontr\u00f3 un defecto en gnutls.\u0026#xa0;Un uso de la memoria previamente liberada en el cliente que env\u00eda la extensi\u00f3n key_share puede conllevar a una corrupci\u00f3n de la memoria y otras consecuencias" } ], "id": "CVE-2021-20231", "lastModified": "2024-11-21T05:46:10.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-12T19:15:13.037", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922276" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": 
"https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "secalert@redhat.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2025-04-09 00:30
Severity ?
Summary
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1." 
}, { "lang": "es", "value": "La funci\u00f3n _gnutls_server_name_recv_params de lib/ext_server_name.c en libgnutls de gnutls-serv en GnuTLS versiones anteriores a la 2.2.4, no calcula correctamente el n\u00famero de Nombre de Servidor en un mensaje Hello TLS 1.0 durante la gesti\u00f3n de extensiones, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de un valor cero para la longitud de los Nombres de Servidores, lo que conlleva un desbordamiento de b\u00fafer en una sesi\u00f3n de reanudaci\u00f3n de datos en la funci\u00f3n pack_security_parameters, tambi\u00e9n conocida como GNUTLS-SA-2008-1-1." } ], "id": "CVE-2008-1948", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-05-21T13:24:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30287" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30302" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30317" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30324" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30330" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30331" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30338" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30355" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31939" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3902" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/111034" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "source": "secalert@redhat.com", "url": 
"http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29292" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020057" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/111034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://issues.rpath.com/browse/RPL-2552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-22 13:29
Modified
2024-11-21 03:42
Severity ?
Summary
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. The CPE configuration in this record marks gnutls versions before 3.6.12 as vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
canonical | ubuntu_linux | 19.04 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECA0072D-DE2F-467F-9143-371A8CCB9000", "versionEndExcluding": "3.6.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets." }, { "lang": "es", "value": "Se ha detectado que la implementaci\u00f3n GnuTLS de HMAC-SHA-256 era vulnerable a un ataque de estilo Lucky Thirteen. Los atacantes remotos podr\u00edan utilizar este fallo para realizar ataques de distinci\u00f3n y de recuperaci\u00f3n en texto plano mediante an\u00e1lisis estad\u00edsticos de datos temporales mediante paquetes manipulados." } ], "id": "CVE-2018-10844", "lastModified": "2024-11-21T03:42:07.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { 
"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-22T13:29:00.317", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105138" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/747" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3999-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-385" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-05 20:55
Modified
2025-04-12 10:46
Severity ?
Summary
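The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. The CPE configuration in this record also marks gnutls versions before 3.5.7 as vulnerable, in addition to libtasn1 before 3.6.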
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "77216B5D-E820-4137-B00F-0B66CD08EEE1", "versionEndExcluding": "3.5.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*", "matchCriteriaId": "2350B15F-7A7A-4BCD-852D-F9999C61DEDF", "versionEndExcluding": "3.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A2FBA9-207F-4F16-932D-BF0BA3440503", "versionEndIncluding": "6.4.0", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C6AC80F-9D91-468D-BEE3-6A0759723673", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data." }, { "lang": "es", "value": "La funci\u00f3n asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa est\u00e1 identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a trav\u00e9s de datos ASN.1 manipulados." 
} ], "id": "CVE-2014-3468", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-05T20:55:06.283", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58591" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58614" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59021" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59057" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59408" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60320" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60415" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61888" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { 
"source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1102323" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-131" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2025-04-09 00:30
Severity ?
Summary
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3." }, { "lang": "es", "value": "Error en signo de entero de la funci\u00f3n the _gnutls_ciphertext2compressed en lib/gnutls_cipher.c de libgnutls en GnuTLS versiones anteriores a la 2.2.4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sobre-lectura de b\u00fafer y ca\u00edda) a trav\u00e9s de determinados valores de entero en el campo Random de un mensaje Client Hello encriptado dentro de un registro TLS con una longitud de registro no v\u00e1lida, lo cual conlleva una longitud de relleno de cifra no v\u00e1lido, tambi\u00e9n conocido como GNUTLS-SA-2008-1-3." 
} ], "evaluatorSolution": "The vendor has released a statement regarding this issue:\r\n\r\nhttp://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html", "id": "CVE-2008-1950", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-05-21T13:24:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30287" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30302" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30317" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30324" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30330" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/30331" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30338" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30355" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31939" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3902" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "source": "secalert@redhat.com", "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/659209" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/29292" }, { "source": 
"secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020059" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/30302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/659209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-10 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "14624E40-3CAA-45E5-BDF2-F08706FC68BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "E743ABC3-6F24-43E1-98E5-6F60BE975212", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "0BDA000C-A616-402B-B964-D5F4ADB6B550", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "62789464-0074-4009-B97B-665A21E0CC25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "95A77487-3ABD-40F5-9C98-49A65ED7F16D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "3911F202-5E7B-4DE3-90D9-07278923036B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "4CF1B6CF-3434-4874-9324-87D045511A13", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "D97EAF12-679B-4494-871F-0074ABD0E20B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "70F58963-0C56-4228-B9DC-1EA54DA8070D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", 
"matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0142E0D7-85DD-413B-B176-2FB5E12C2FE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "780D6C0C-2B20-425E-B15E-EE1AF9F28B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "DC2D3896-E095-4889-A9D1-6D8EB2882D64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "567E66B1-53D9-4A80-A938-2FE5C7CEB985", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA2186BE-288F-40FD-B634-76D14578E252", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"773043EA-8C41-4F42-9702-660FD6822FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "37E05061-D666-492E-AF2B-CF30FC2FA759", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "68DF059C-4C1D-4B9C-993E-1C4D3510471C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN." }, { "lang": "es", "value": "La funci\u00f3n gnutls_x509_dn_oid_name en lib/x509/common.c en GnuTLS 3.0 anterior a 3.1.20 y 3.2.x anterior a 3.2.10 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo) a trav\u00e9s de un certificado X.509 manipulado, relacionado con la falta de una descripci\u00f3n LDAP para un identificador de objeto (OID) cuando se imprime el DN." 
} ], "evaluatorComment": "Per http://cwe.mitre.org/data/definitions/476.html\n\"CWE-476: NULL Pointer Dereference\"", "id": "CVE-2014-3465", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-10T14:55:10.163", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59086" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734" }, { "source": "secalert@redhat.com", "url": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-27 16:15
Modified
2024-11-21 02:22
Severity ?
Summary
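GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate: the algorithm named in the certificate's outer signatureAlgorithm field is not compared with the one recorded inside the signed tbsCertificate.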
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.debian.org/security/2015/dsa-3191 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1196323 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1196323 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
debian | debian_linux | 7.0 | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5C552DB-2FAA-4FFF-8F2D-7939555F85A3", "versionEndExcluding": "3.3.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate." }, { "lang": "es", "value": "GnuTLS versiones anteriores a 3.3.13, no comprueba que los algoritmos de firma coincidan cuando se importa un certificado." 
} ], "id": "CVE-2015-0294", "lastModified": "2024-11-21T02:22:45.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-27T16:15:10.953", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3191" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-26 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DAE9020-329B-487B-AA25-B17CBEFE07E2", "versionEndIncluding": "3.0.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"D5CEC430-8CFF-4DC5-9B2B-338C401B1984", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF062C51-CADD-46B1-A121-32CB6A18F2FC", "versionEndIncluding": "2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7031435B-D0CA-488B-86D2-DB7E031CC4DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "09F703B5-5548-4B21-97C4-EEB5A79BFDA7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:libtasn1:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DDC2A2A-80A8-4F0B-9050-88E68C614605", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "85655541-7911-4F23-967B-A8EE8F77CB27", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9548F8E-9558-48E7-B7AA-52536C16D39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8DE5A7AC-2608-41AB-B319-7FE54EE638DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "715A4581-1FA7-4BBD-9CBD-0EEEDF6EB85A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "EB27F841-7ECF-46A8-A353-572D57CFA8DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "43639215-5F31-4168-B40B-BC23DFC6F449", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "6895DBDF-02F3-4ABE-94C9-2B389B1633A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "AF8BEFC7-B81E-4872-AA0F-3382C4340E2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "467A9372-936A-43B6-AA6E-4B110460E53B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8982C-9131-4A65-AD52-BCC50E204BFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C4F854E-8C99-4BB0-8146-0F95C25385F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "370BA774-EBA1-454C-82B7-6ACE43744B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "5A004586-34BE-42A7-9DD2-8991AC651407", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:libtasn1:0.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "9B6324E8-2B22-4567-B5B6-A6CC5CA12DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "8BED632B-43B5-4AC2-8DC8-55A2032CDA58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "87C997F9-9480-4980-9FA2-045248EE0DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "FE11CD41-CBEE-413B-BD6C-FECEA6778CEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "1C4D083C-0D60-476C-9A9B-62E38CE709A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "36F87440-811B-4AD7-8B62-5B8E88D7F3C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C56DB483-22C8-483D-B11B-DFAABF7223BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51918C9-18B0-434C-B097-FBC78BE7307F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C52B5-4CA8-4777-B6EE-62F924B47B0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "29E05ABB-DE4D-411D-A1B7-E4194825F75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "75F77DCC-6C4C-4CFB-BFAF-1BD8EF1D606D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7DCAF92-7732-477D-8E4F-D3FA3F9B5C21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A6328C0-1A21-4935-9E71-C3C38BD118B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "9E623FF7-EE83-42B3-B4F3-F521820B417C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:libtasn1:0.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "75BA158E-BD3A-4F97-A142-F3426AAD4170", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5D2DF6E-FDD2-4C3C-9EA5-A509BF946539", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:0.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "8352B632-E674-453A-BE64-81960D2382D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C3531C0-E08D-4BFF-8335-3F653A77B3B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "355D4841-1447-41EF-9B85-C5E2B7C0A5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4C3B81-8AF3-40EF-8997-221600B1B2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC8EE05F-000A-46ED-A819-A7253D299260", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "33060E8C-EA63-4599-8765-B72F7809C914", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "33B23D8C-269A-4E37-BEFD-262424EDEAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "120B5DD9-C74D-44C0-AF40-D71E6F3107BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "2023D887-50B5-485B-BECF-E4C9107E46BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "0F875C0B-4AE3-4B71-ABEE-703477919747", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4356476-E1C4-4C72-9AE8-DA1AE541A654", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "638381FC-4AFF-47BF-B280-8C6A77FC6966", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "B5DB9D74-F831-4A2A-8B7A-692DDC21D627", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "40DDDE9D-8F3F-494D-8FD6-205CBFC5F8B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "767DF7D3-534F-4F18-8B59-4F1C9A7EA404", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DDA21F2-B48C-41DB-958E-0DC3DA3C3B88", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD2BD591-165A-4DF6-88CD-E1D6A7B67505", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "8CCB275D-8510-464B-BEC3-51A3D1A402C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "05D976E9-191B-4150-9339-56DB7E137641", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "BD197F74-96EC-4CBD-B21E-F703799A0B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "1A063194-9A64-4FA3-AF00-856825028855", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." 
}, { "lang": "es", "value": "La funci\u00f3n asn1_get_length_der en decoding.c en GNU libtasn1 antes de v2.12, tal y como se usa en GnuTLS antes del v3.0.16 y otros productos, no maneja adecuadamente ciertos valores de longitud demasiado grandes, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria din\u00e1mica (heap) y ca\u00edda de la aplicaci\u00f3n) o posiblemente tener un impacto no especificado a trav\u00e9s de una estructura ASN.1 espec\u00edficamente elaborada para este fin." } ], "id": "CVE-2012-1569", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-26T19:55:01.110", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "source": "secalert@redhat.com", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "source": "secalert@redhat.com", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "source": "secalert@redhat.com", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48397" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48488" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48505" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48578" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48596" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49002" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50739" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57260" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2440" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www.gnu.org/software/gnutls/security.html" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026829" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2025-04-20 01:37
Severity
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BCB1A63-F2CF-474F-AAF6-CE225C58B765", "versionEndIncluding": "3.3.25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2434168D-05A8-4300-9069-C55566A5EAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "71805931-872A-4F1A-A8B4-82347C2EF90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1A489C2-4824-4133-83E0-625AA454E959", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C8D38B82-82A7-4943-BE1C-77EC707289D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "850A1174-F1E7-47EA-AF71-FEB6C4379EDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information 
in an X.509 certificate with a Proxy Certificate Information extension." }, { "lang": "es", "value": "La vulnerabilidad de liberaci\u00f3n doble en la funci\u00f3n gnutls_x509_ext_import_proxy de GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permite a los atacantes remotos tener un impacto no especificado a trav\u00e9s de una informaci\u00f3n de lenguaje de directivas elaborada en un certificado X.509 con una extensi\u00f3n Proxy Certificate Information." } ], "id": "CVE-2017-5334", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-24T15:59:00.763", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95370" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "security@debian.org", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-1" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-10 10:15
Modified
2025-08-15 19:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2025-32990 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2359620 | Issue Tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | - | |
redhat | openshift_container_platform | 4.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*", "matchCriteriaId": "33A22858-21E1-479F-A9C4-AD2EFD059B93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system." }, { "lang": "es", "value": "Se detect\u00f3 una falla de desbordamiento de b\u00fafer de memoria din\u00e1mica (heap) (desviaci\u00f3n de uno) en el software GnuTLS, en la l\u00f3gica de an\u00e1lisis de plantillas de la utilidad certtool. 
Al leer ciertas configuraciones de un archivo de plantilla, permite a un atacante provocar una escritura fuera de los l\u00edmites (OOB) en un puntero nulo, lo que resulta en corrupci\u00f3n de memoria y una denegaci\u00f3n de servicio (DoS) que podr\u00eda bloquear el sistema." } ], "id": "CVE-2025-32990", "lastModified": "2025-08-15T19:32:53.387", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-10T10:15:33.060", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "secalert@redhat.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D5CEC430-8CFF-4DC5-9B2B-338C401B1984", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"07E877F8-3623-4295-816F-7EE4FFDE1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*", "matchCriteriaId": "5B36918C-BB8D-4B8E-8868-7726C5ADD4FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.16:*:*:*:*:*:*:*", "matchCriteriaId": "28795719-99A4-4DA3-AE98-4FDBEE320AAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.17:*:*:*:*:*:*:*", "matchCriteriaId": "13A85219-2DF1-4F84-A8AC-C923F8F7AF1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.18:*:*:*:*:*:*:*", "matchCriteriaId": "CECB347D-51C9-4905-8035-61D5EE05D751", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.19:*:*:*:*:*:*:*", "matchCriteriaId": "53C7F93C-6997-490C-988F-B58C26467265", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.20:*:*:*:*:*:*:*", "matchCriteriaId": "FCEAB96B-92C8-4D72-8BF0-5B9578549233", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.21:*:*:*:*:*:*:*", "matchCriteriaId": "0441F505-F28B-466F-8B68-E165154D3738", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FEAB490-9368-453F-8CA0-699FBC86BF01", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", 
"matchCriteriaId": "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "14624E40-3CAA-45E5-BDF2-F08706FC68BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "E743ABC3-6F24-43E1-98E5-6F60BE975212", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "0BDA000C-A616-402B-B964-D5F4ADB6B550", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "62789464-0074-4009-B97B-665A21E0CC25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "95A77487-3ABD-40F5-9C98-49A65ED7F16D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "3911F202-5E7B-4DE3-90D9-07278923036B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "4CF1B6CF-3434-4874-9324-87D045511A13", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "D97EAF12-679B-4494-871F-0074ABD0E20B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." }, { "lang": "es", "value": "La implementaci\u00f3n de TLS en GnuTLS antes de v2.12.23, v3.0.x antes de v3.0.28, y v3.1.x antes de v3.1.7 no tiene debidamente en cuenta los ataques de tiempo al canal lateral en la operaci\u00f3n de comprobaci\u00f3n de incumplimiento MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos realizar ataques distintivos y de texto plano ataques de recuperaci\u00f3n a trav\u00e9s de an\u00e1lisis estad\u00edstico de datos de tiempo de los paquetes hechos a mano, una cuesti\u00f3n relacionada con CVE-2013-0169." 
} ], "id": "CVE-2013-1619", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-08T19:55:01.157", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" }, { "source": "cve@mitre.org", "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2013/02/05/24" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/57260" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/57274" }, { "source": "cve@mitre.org", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" }, { "source": "cve@mitre.org", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1752-1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": 
"https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2013/02/05/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1752-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": 
"https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-04 07:15
Modified
2024-11-21 05:01
Severity ?
Summary
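GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. Note: the CPE match range in the record below starts at 3.6.0 (versionStartIncluding) rather than 3.6.4, so version-range matching against it will also flag 3.6.0 through 3.6.3, which this summary describes as predating the faulty commit.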
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D9A3007-021D-4104-8BE1-1F3B205D832A", "versionEndExcluding": "3.6.14", "versionStartIncluding": "3.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application." }, { "lang": "es", "value": "GnuTLS versiones 3.6.x anteriores a 3.6.14, usa una criptograf\u00eda incorrecta para cifrar un ticket de sesi\u00f3n (una p\u00e9rdida de confidencialidad en TLS versi\u00f3n 1.2, y un desv\u00edo de autenticaci\u00f3n en TLS versi\u00f3n 1.3). 
La primera versi\u00f3n afectada es la 3.6.4 (24-09-2018) debido a un error en un commit del 18-09-2018. Hasta la primera rotaci\u00f3n de claves, el servidor TLS siempre utiliza datos err\u00f3neos en lugar de una clave de cifrado derivada de una aplicaci\u00f3n" } ], "id": "CVE-2020-13777", "lastModified": "2024-11-21T05:01:50.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-04T07:15:10.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200619-0004/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4384-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200619-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4384-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4697" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-05 20:55
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "77216B5D-E820-4137-B00F-0B66CD08EEE1", "versionEndExcluding": "3.5.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*", "matchCriteriaId": "2350B15F-7A7A-4BCD-852D-F9999C61DEDF", "versionEndExcluding": "3.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows 
context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument." }, { "lang": "es", "value": "Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (referencia de puntero nulo y ca\u00edda) a trav\u00e9s de un valor nulo en un argumento ivalue." } ], "id": "CVE-2014-3469", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-05T20:55:06.347", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58591" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58614" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59021" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59057" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59408" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60320" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60415" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61888" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/58591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-01-06 01:55
Modified
2025-04-11 00:51
Severity
MEDIUM 4.3 (CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Summary
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
gnu | gnutls | 2.2.4 | |
gnu | gnutls | 2.2.5 | |
gnu | gnutls | 2.4.0 | |
gnu | gnutls | 2.4.1 | |
gnu | gnutls | 2.4.2 | |
gnu | gnutls | 2.4.3 | |
gnu | gnutls | 2.6.0 | |
gnu | gnutls | 2.6.1 | |
gnu | gnutls | 2.6.2 | |
gnu | gnutls | 2.6.3 | |
gnu | gnutls | 2.6.4 | |
gnu | gnutls | 2.6.5 | |
gnu | gnutls | 2.6.6 | |
gnu | gnutls | 2.8.0 | |
gnu | gnutls | 2.8.1 | |
gnu | gnutls | 2.8.2 | |
gnu | gnutls | 2.8.3 | |
gnu | gnutls | 2.8.4 | |
gnu | gnutls | 2.8.5 | |
gnu | gnutls | 2.8.6 | |
gnu | gnutls | 2.10.0 | |
gnu | gnutls | 2.10.1 | |
gnu | gnutls | 2.10.1-x86 | |
gnu | gnutls | 2.10.2 | |
gnu | gnutls | 2.10.2-x86 | |
gnu | gnutls | 2.10.3 | |
gnu | gnutls | 2.10.4 | |
gnu | gnutls | 2.10.5 | |
gnu | gnutls | 2.10.5-x86 | |
gnu | gnutls | 2.12.0 | |
gnu | gnutls | 2.12.1 | |
gnu | gnutls | 2.12.2 | |
gnu | gnutls | 2.12.3 | |
gnu | gnutls | 2.12.4 | |
gnu | gnutls | 2.12.5 | |
gnu | gnutls | 2.12.6 | |
gnu | gnutls | 2.12.6.1 | |
gnu | gnutls | 2.12.7 | |
gnu | gnutls | 2.12.8 | |
gnu | gnutls | 2.12.9 | |
gnu | gnutls | 2.12.10 | |
gnu | gnutls | 2.12.11 | |
gnu | gnutls | 2.12.12 | |
gnu | gnutls | 2.12.13 | |
gnu | gnutls | 2.12.14 | |
gnu | gnutls | 3.0.0 | |
gnu | gnutls | 3.0.1 | |
gnu | gnutls | 3.0.2 | |
gnu | gnutls | 3.0.3 | |
gnu | gnutls | 3.0.4 | |
gnu | gnutls | 3.0.5 | |
gnu | gnutls | 3.0.6 | |
gnu | gnutls | 3.0.7 | |
gnu | gnutls | 3.0.8 | |
gnu | gnutls | 3.0.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E54287A-6374-462C-B4AC-843298ED3E1C", "versionEndIncluding": "3.0.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"4704D411-7B24-4B1F-9D40-A39A178FF873", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D5CEC430-8CFF-4DC5-9B2B-338C401B1984", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1-x86:*:*:*:*:*:*:*", "matchCriteriaId": "C679AA53-3BFF-419B-968F-19C285920049", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2-x86:*:*:*:*:*:*:*", "matchCriteriaId": "2E776B44-557C-491C-88B2-A2B757E6D4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5-x86:*:*:*:*:*:*:*", "matchCriteriaId": "C10EE9B1-2B6B-47B1-A153-CC296385BB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"9943C65B-B896-4F7B-BE86-D6D13CF5C6E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108." }, { "lang": "es", "value": "La implementaci\u00f3n DTLS en GnuTLS v3.0.10 y anteriores ejecuta codigo de gestion de errores s\u00f3lo si existe una relaci\u00f3n espec\u00edfica entre la longitud de relleno y el tama\u00f1o del texto cifrado, lo que facilita a los atacantes remotos a la hora de recuperar parte del texto a trav\u00e9s de un ataque de temporizacion en canal fisico. Se trata deproblema relacionado con CVE-2011-4108." } ], "id": "CVE-2012-0390", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-01-06T01:55:01.080", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/57260" }, { "source": "cve@mitre.org", "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-24 17:59
Modified
2025-04-12 10:46
Severity
MEDIUM 5.0 (CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "566DEEC1-DA2F-43C7-AFE3-AC351CCA3795", "versionEndIncluding": "3.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors." }, { "lang": "es", "value": "GnuTLS anterior a 3.1.0 no verifica que el algoritmo de firmas RSA PKCS #1 coincide con el algoritmo de firmas en el certificado, lo que permite a atacantes remotos realizar ataques de degradaci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-0282", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-24T17:59:04.007", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3191" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/73119" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032148" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032148" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-12 19:15
Modified
2024-11-21 05:46
Severity
CRITICAL 9.8 (CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH 7.5 under CVSS v2.0
Summary
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux | 8.0 | |
fedoraproject | fedora | 34 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "66BC7206-28E1-4A23-9701-78ABEA79D0C5", "versionEndExcluding": "3.7.1", "versionStartIncluding": "3.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences." }, { "lang": "es", "value": "Se encontr\u00f3 un defecto en gnutls.\u0026#xa0;Un uso de la memoria previamente liberada en la funci\u00f3n client_send_params en la biblioteca lib/ext/pre_shared_key.c puede conllevar a una corrupci\u00f3n en la memoria y otras potenciales consecuencias" } ], "id": "CVE-2021-20232", "lastModified": "2024-11-21T05:46:10.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-12T19:15:13.130", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": 
"https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "secalert@redhat.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity
HIGH 7.5 (CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key." }, { "lang": "es", "value": "lib/gnutls_pk.c en libgnutls en GnuTLS v2.5.0 hasta v2.6.5 genera claves RSA almacenados en estructuras DSA, en lugar de las claves DSA previstas, lo cual podr\u00eda permitir a atacantes remotos suplantar firmas en los certificados o tener otro impacto no especificado por el utilizamiento de una clave DSA no es v\u00e1lida." 
} ], "id": "CVE-2009-1416", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-30T20:30:00.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34842" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35211" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34783" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022158" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1218" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.", "lastModified": "2009-09-21T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-27 15:59
Modified
2025-04-12 10:46
Severity
HIGH 7.5 (CVSS v3.0: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N); MEDIUM 5.0 under CVSS v2.0
Summary
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE2AE755-9003-4174-8F45-229FDE69B514", "versionEndIncluding": "3.4.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2434168D-05A8-4300-9069-C55566A5EAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc." }, { "lang": "es", "value": "La funci\u00f3n gnutls_ocsp_resp_check_crt en lib/x509/ocsp.c en GnuTLS en versiones anteriores a 3.4.15 y 3.5.x en versiones anteriores a 3.5.4 no verifica la longitud de serie de una respuesta OCSP, lo que podr\u00eda permitir a atacantes remotos eludir un mecanismo de validaci\u00f3n destinada a certificados a trav\u00e9s de vectores que involucran bytes finales dejados por gnutls_malloc." 
} ], "id": "CVE-2016-7444", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-27T15:59:12.517", "references": [ { "source": "security@debian.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "security@debian.org", "url": "http://www.securityfocus.com/bid/92893" }, { "source": "security@debian.org", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security.html" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-07-10 08:15
Modified
2025-08-15 19:35
Severity ?
Summary
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2025-32989 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2359621 | Issue Tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | - | |
redhat | openshift_container_platform | 4.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*", "matchCriteriaId": "33A22858-21E1-479F-A9C4-AD2EFD059B93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly." 
}, { "lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de sobrelectura del b\u00fafer de mont\u00f3n en GnuTLS en la gesti\u00f3n de la extensi\u00f3n de marca de tiempo del certificado firmado (SCT) de Transparencia de Certificado (CT) durante el an\u00e1lisis de certificados X.509. Esta falla permite a un usuario malintencionado crear un certificado con una extensi\u00f3n SCT mal formada (OID 1.3.6.1.4.1.11129.2.4.2) que contiene datos confidenciales. Este problema provoca la exposici\u00f3n de informaci\u00f3n confidencial cuando GnuTLS verifica certificados de ciertos sitios web cuando la SCT no se verifica correctamente." } ], "id": "CVE-2025-32989", "lastModified": "2025-08-15T19:35:41.363", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary" } ] }, "published": "2025-07-10T08:15:24.430", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "secalert@redhat.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2015-09-02 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
canonical | ubuntu_linux | 15.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "5478C220-2E5A-4340-99FD-1EFB184FF437", "versionEndIncluding": "3.3.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point." }, { "lang": "es", "value": "Vulnerabilidad de liberaci\u00f3n doble en lib/x509/x509_ext.c en GnuTLS en versiones anteriores a 3.3.14, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de un punto de distribuci\u00f3n CRL manipulado." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e", "id": "CVE-2015-3308", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-09-02T14:59:01.873", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html" }, { "source": "cve@mitre.org", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/04/15/6" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/04/16/6" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/74188" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033774" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2727-1" }, { "source": "cve@mitre.org", "url": "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02" }, { "source": "cve@mitre.org", "url": "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201506-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/04/15/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/04/16/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2727-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201506-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-07 00:10
Modified
2025-04-12 10:46
Severity ?
Summary
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
gnu | gnutls | 3.2.0 | |
gnu | gnutls | 3.2.1 | |
gnu | gnutls | 3.2.2 | |
gnu | gnutls | 3.2.3 | |
gnu | gnutls | 3.2.4 | |
gnu | gnutls | 3.2.5 | |
gnu | gnutls | 3.2.6 | |
gnu | gnutls | 3.2.7 | |
gnu | gnutls | 3.2.8 | |
gnu | gnutls | 3.2.8.1 | |
gnu | gnutls | 3.2.9 | |
gnu | gnutls | 3.2.10 | |
gnu | gnutls | * | |
gnu | gnutls | 3.1.0 | |
gnu | gnutls | 3.1.1 | |
gnu | gnutls | 3.1.2 | |
gnu | gnutls | 3.1.3 | |
gnu | gnutls | 3.1.4 | |
gnu | gnutls | 3.1.5 | |
gnu | gnutls | 3.1.6 | |
gnu | gnutls | 3.1.7 | |
gnu | gnutls | 3.1.8 | |
gnu | gnutls | 3.1.9 | |
gnu | gnutls | 3.1.10 | |
gnu | gnutls | 3.1.11 | |
gnu | gnutls | 3.1.12 | |
gnu | gnutls | 3.1.13 | |
gnu | gnutls | 3.1.14 | |
gnu | gnutls | 3.1.15 | |
gnu | gnutls | 3.1.16 | |
gnu | gnutls | 3.1.17 | |
gnu | gnutls | 3.1.18 | |
gnu | gnutls | 3.1.19 | |
gnu | gnutls | 3.1.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "846AD6A8-6057-4F88-A82B-38BA2B93E5E8", "versionEndIncluding": "3.2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "567E66B1-53D9-4A80-A938-2FE5C7CEB985", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA2186BE-288F-40FD-B634-76D14578E252", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "773043EA-8C41-4F42-9702-660FD6822FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "37E05061-D666-492E-AF2B-CF30FC2FA759", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "68DF059C-4C1D-4B9C-993E-1C4D3510471C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E9A21B6-4A22-4801-8023-45F39EC02576", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF76A6E5-DED3-46A0-877C-B4886E7743EF", "versionEndIncluding": "3.1.21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0142E0D7-85DD-413B-B176-2FB5E12C2FE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "780D6C0C-2B20-425E-B15E-EE1AF9F28B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "DC2D3896-E095-4889-A9D1-6D8EB2882D64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "425F7D5B-EE8A-46EC-B986-414FB90702C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate." }, { "lang": "es", "value": "lib/x509/verify.c en GnuTLS anterior a 3.1.22 y 3.2.x anterior a 3.2.12 no maneja debidamente errores no especificados cuando verifica certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores a trav\u00e9s de un certificado manipulado." 
} ], "id": "CVE-2014-0092", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-07T00:10:53.573", "references": [ { "source": "secalert@redhat.com", "url": "http://gnutls.org/security.html#GNUTLS-SA-2014-2" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0246.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0288.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56933" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57103" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57204" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57254" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57260" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57274" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57321" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2869" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65919" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2127-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gnutls.org/security.html#GNUTLS-SA-2014-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0246.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0288.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2127-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BCB1A63-F2CF-474F-AAF6-CE225C58B765", "versionEndIncluding": "3.3.25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2434168D-05A8-4300-9069-C55566A5EAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "71805931-872A-4F1A-A8B4-82347C2EF90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1A489C2-4824-4133-83E0-625AA454E959", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C8D38B82-82A7-4943-BE1C-77EC707289D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "850A1174-F1E7-47EA-AF71-FEB6C4379EDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate." 
}, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en memoria din\u00e1mica en la funci\u00f3n read_attribute en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a los atacantes remotos tener un impacto no especificado a trav\u00e9s de un certificado OpenPGP manipulado." } ], "id": "CVE-2017-5337", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-24T15:59:00.920", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "security@debian.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "security@debian.org", "tags": [ 
"Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95372" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "security@debian.org", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-14 04:59
Modified
2025-04-20 01:37
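Severity: 7.5 HIGH (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P). Both vectors, taken from the nvd@nist.gov metrics in the record below, rate availability impact only, while the summary describes an out-of-bounds write.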
Summary
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "10ED3317-8157-49E1-9831-CFA9335397CD", "versionEndIncluding": "3.5.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor\u0027s GNUTLS-SA-2017-3 report) is fixed in 3.5.10." }, { "lang": "es", "value": "GnuTLS en versiones anteriores a 20-02-2017 tiene una escritura fuera de l\u00edmites provocado por un desbordamiento de entero y desbordamiento de b\u00fafer basado en memoria din\u00e1mica en relaci\u00f3n con la funci\u00f3n cdk_pkt_read en opencdk/read-packet.c. Este problema (que es un subconjunto del informe GNUTLS-SA-2017-3 del proveedor) se fija en 3.5.10." } ], "id": "CVE-2017-7869", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-14T04:59:00.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97040" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.gnutls.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.gnutls.org/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-04 15:15
Modified
2024-11-21 05:15
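Severity: 7.5 HIGH (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P), taken from the nvd@nist.gov metrics in the record below.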
Summary
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * (versions before 3.6.15, per versionEndExcluding in the record below) | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
canonical | ubuntu_linux | 20.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "3160C6D1-138F-42D8-832E-4C0EFE6A4A48", "versionEndExcluding": "3.6.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application\u0027s error handling path, where the gnutls_deinit function is called after detecting a handshake failure." 
}, { "lang": "es", "value": "Se detect\u00f3 un problema en GnuTLS versiones anteriores a 3.6.15.\u0026#xa0;Un servidor puede desencadenar una desreferencia del puntero NULL en un cliente TLS versi\u00f3n 1.3, si una alerta no_renegotiation es enviada con una sincronizaci\u00f3n no prevista y luego se produce un segundo protocolo de enlace no v\u00e1lido.\u0026#xa0;El bloqueo ocurre en la ruta de manejo de errores de la aplicaci\u00f3n, donde la funci\u00f3n gnutls_deinit es llamada despu\u00e9s de detectar un fallo en el protocolo de enlace" } ], "id": "CVE-2020-24659", "lastModified": "2024-11-21T05:15:26.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-04T15:15:10.803", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1071" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202009-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200911-0006/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4491-1/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202009-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200911-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4491-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-08 20:55
Modified
2025-04-11 00:51
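Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:N/A:P), taken from the nvd@nist.gov metric in the record below; the record carries no CVSS v3 metric.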
Summary
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 2.12.0 | |
gnu | gnutls | 2.12.1 | |
gnu | gnutls | 2.12.2 | |
gnu | gnutls | 2.12.3 | |
gnu | gnutls | 2.12.4 | |
gnu | gnutls | 2.12.5 | |
gnu | gnutls | 2.12.6 | |
gnu | gnutls | 2.12.6.1 | |
gnu | gnutls | 2.12.7 | |
gnu | gnutls | 2.12.8 | |
gnu | gnutls | 2.12.9 | |
gnu | gnutls | 2.12.10 | |
gnu | gnutls | 2.12.11 | |
gnu | gnutls | 2.12.12 | |
gnu | gnutls | 2.12.13 | |
gnu | gnutls | 3.0.0 | |
gnu | gnutls | 3.0.1 | |
gnu | gnutls | 3.0.2 | |
gnu | gnutls | 3.0.3 | |
gnu | gnutls | 3.0.4 | |
gnu | gnutls | 3.0.5 | |
gnu | gnutls | 3.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n gnutls_session_get_data en lib/gnutls_session.c en GnuTLS v2.12.x antes de v2.12.14 y v3.x antes de v3.0.7, cuando se utiliza en un cliente que realiza la reanudaci\u00f3n de sesi\u00f3n no est\u00e1ndar, permite a los servidores remotos de TLS causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un SessionTicket grande." } ], "id": "CVE-2011-4128", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-08T20:55:00.890", "references": [ { "source": "secalert@redhat.com", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { 
"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48596" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48712" }, { "source": "secalert@redhat.com", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/48596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-13 21:32
Modified
2025-04-12 10:46
Severity ?
Summary
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing request (CSR), related to generating key IDs.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "14624E40-3CAA-45E5-BDF2-F08706FC68BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "E743ABC3-6F24-43E1-98E5-6F60BE975212", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "0BDA000C-A616-402B-B964-D5F4ADB6B550", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "62789464-0074-4009-B97B-665A21E0CC25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "95A77487-3ABD-40F5-9C98-49A65ED7F16D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "3911F202-5E7B-4DE3-90D9-07278923036B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "4CF1B6CF-3434-4874-9324-87D045511A13", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "D97EAF12-679B-4494-871F-0074ABD0E20B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "70F58963-0C56-4228-B9DC-1EA54DA8070D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", 
"matchCriteriaId": "FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0142E0D7-85DD-413B-B176-2FB5E12C2FE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "780D6C0C-2B20-425E-B15E-EE1AF9F28B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "DC2D3896-E095-4889-A9D1-6D8EB2882D64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "425F7D5B-EE8A-46EC-B986-414FB90702C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "9BC83E92-882B-4984-80FC-FAB7F5CD52E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "8AFAAACF-FD4A-4B1C-A35A-E11189DE2F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "A62B585C-2FC8-448F-97E7-CAC59548B03A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "07815863-DBCF-41E9-A459-9CE57B74E489", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.25:*:*:*:*:*:*:*", "matchCriteriaId": "F826F2B5-F00A-44FE-9229-B4597017DE9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.26:*:*:*:*:*:*:*", "matchCriteriaId": 
"A4E4F6F8-80F3-433D-B702-9DEF6D375A64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "1BE75031-0B8B-44A7-B541-F395BE7AF473", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "567E66B1-53D9-4A80-A938-2FE5C7CEB985", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA2186BE-288F-40FD-B634-76D14578E252", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "773043EA-8C41-4F42-9702-660FD6822FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "37E05061-D666-492E-AF2B-CF30FC2FA759", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "68DF059C-4C1D-4B9C-993E-1C4D3510471C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E9A21B6-4A22-4801-8023-45F39EC02576", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "2EA5F76C-3524-4E80-985F-FC74DD20B5E8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "FCB890F0-3126-4FDD-8162-AC28754D3D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "35CAA298-D755-4668-A568-439532DF7A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "13B53422-C666-4140-BF8A-EEDB8AC95A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E6B1861D-61C3-469E-B37F-B76758626BCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "07517D8A-C31B-4F4E-87A0-3239F88015DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "1736E9EB-AC26-44D7-99EB-99CC1F596CB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "E94E55DE-7CCB-4C91-BBB3-9D11FF5F9440", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "E03D0521-C985-4A2C-A848-43BE614F9113", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "9AFBDD69-430C-4312-8B28-4A51FB4BC8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "BE31FE31-3F85-41F3-9DCB-58A090E63DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "18A0842D-2CAC-4372-80D0-68BCCC28C7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A91948CE-E418-4450-AB62-9078D3A0FBEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D34267DC-A768-4A0F-BB54-74314B70E4F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "160B3AD7-37A3-4A01-B1CD-83E6500E145A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE61F19-A2C3-4FE9-9C5A-D1FB949B6CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDFE7E2-12FC-4819-8615-F76A312E8BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "4993D25F-607B-4486-B9EC-566A1EEBE73B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "9FEF4D26-DD0C-4E67-8901-8B38A51C1FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "49CE4BAE-77EC-469D-9FE2-A807B7E2EC64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "7921C926-450B-4EFF-B610-B8B8FD17AE1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs." }, { "lang": "es", "value": "La funci\u00f3n _gnutls_ecc_ansi_x963_export en gnutls_ecc.c en GnuTLS 3.x anterior a 3.1.28, 3.2.x anterior a 3.2.20, y 3.3.x anterior a 3.3.10 permite a atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de rango) a trav\u00e9s de un certificado malicioso ECC de tipo (1) curva el\u00edptica criptogr\u00e1fica o (2) peticiones de solicitudes de firma de certificado (CSR), relacionado con la generaci\u00f3n de key IDs." 
} ], "id": "CVE-2014-8564", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-13T21:32:13.427", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1846.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/59991" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62294" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2403-1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1846.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62284" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2403-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161443" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 21:29
Modified
2025-04-20 01:37
Severity
Summary
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2016/06/07/6 | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1343505 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/06/07/6 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1343505 | Issue Tracking, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "6BB87842-8AED-4110-807B-AD8BC3B840BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem." }, { "lang": "es", "value": "La variable de entorno \"GNUTLS_KEYLOGFILE\" en gnutls 3.4.12 permite que atacantes remotos sobrescriban y corrompan archivos arbitrarios en el sistema de archivos." } ], "id": "CVE-2016-4456", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T21:29:00.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/07/6" }, { "source": 
"secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/07/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343505" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-16 14:15
Modified
2024-11-21 08:46
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in GnuTLS, in which Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial-of-service attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 | |
netapp | active_iq_unified_manager | - | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B04601A-3664-4F94-A0AE-70AE438430F5", "versionEndExcluding": "3.8.3", "versionStartIncluding": "3.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados con cockpit-certificate-ensure. Este fallo permite que un cliente o atacante remoto no autenticado inicie un ataque de denegaci\u00f3n de servicio." 
} ], "id": "CVE-2024-0567", "lastModified": "2024-11-21T08:46:53.563", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-16T14:15:48.527", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0567" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": 
"https://gitlab.com/gnutls/gnutls/-/issues/1521" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.netapp.com/advisory/ntap-20240202-0011/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-15 18:15
Modified
2025-03-19 18:15
Severity
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, the attacker would need to send a large number of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 3.6.8-11.el8_2 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 | |
fedoraproject | fedora | 38 | |
netapp | active_iq_unified_manager | - | |
netapp | converged_systems_advisor_agent | - | |
netapp | ontap_select_deploy_administration_utility | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:*:*:*:*:*:*:*", "matchCriteriaId": "AAE4C2DF-8869-439F-99E2-2A0E7A03A96F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A865472-D6A4-49D9-96E5-D33D0E58144D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A timing 
side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection." } ], "id": "CVE-2023-0361", "lastModified": "2025-03-19T18:15:18.747", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-02-15T18:15:11.683", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-0361" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/tlsfuzzer/tlsfuzzer/pull/679" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], 
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1050" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0005/" }, { "source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-0361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/tlsfuzzer/tlsfuzzer/pull/679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 22:55
Modified
2025-04-11 00:51
Severity
Summary
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "756A2865-1786-470A-9A62-B5E2AF659DA6", "versionEndIncluding": "3.0.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"D5CEC430-8CFF-4DC5-9B2B-338C401B1984", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list." }, { "lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en libgnutls en GnuTLS antes de 3.0.14 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente tener un impacto no especificado a trav\u00e9s de una lista de certificados modificados." 
} ], "id": "CVE-2012-1663", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T22:55:03.067", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/24865" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/24865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2025-04-20 01:37
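Severity
CVSS v3.0 base score 9.8 (CRITICAL), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS v2.0 base score 7.5 (HIGH), vector AV:N/AC:L/Au:N/C:P/I:P/A:P (both from nvd@nist.gov, as given in the record below)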
Summary
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BCB1A63-F2CF-474F-AAF6-CE225C58B765", "versionEndIncluding": "3.3.25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2434168D-05A8-4300-9069-C55566A5EAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "71805931-872A-4F1A-A8B4-82347C2EF90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1A489C2-4824-4133-83E0-625AA454E959", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C8D38B82-82A7-4943-BE1C-77EC707289D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "850A1174-F1E7-47EA-AF71-FEB6C4379EDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP 
certificate." }, { "lang": "es", "value": "El desbordamiento de b\u00fafer basado en la pila en la funci\u00f3n cdk_pk_get_keyid en lib/opencdk/pubkey.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un certificado OpenPGP manipulado." } ], "id": "CVE-2017-5336", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-24T15:59:00.873", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "security@debian.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "security@debian.org", 
"tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95377" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "security@debian.org", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-14 19:07
Modified
2025-04-03 01:03
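Severity
CVSS v2.0 base score 5.0 (MEDIUM), vector AV:N/AC:L/Au:N/C:N/I:P/A:N (from nvd@nist.gov, as given in the record below; the record carries no CVSS v3 metric)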
Summary
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash. This allows remote attackers to forge a PKCS #1 v1.5 signature that appears to be signed by that RSA key, and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS. The issue is a variant of CVE-2006-4339.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 1.0.17 | |
gnu | gnutls | 1.0.18 | |
gnu | gnutls | 1.0.19 | |
gnu | gnutls | 1.0.20 | |
gnu | gnutls | 1.0.21 | |
gnu | gnutls | 1.0.22 | |
gnu | gnutls | 1.0.23 | |
gnu | gnutls | 1.0.24 | |
gnu | gnutls | 1.0.25 | |
gnu | gnutls | 1.1.14 | |
gnu | gnutls | 1.1.15 | |
gnu | gnutls | 1.1.16 | |
gnu | gnutls | 1.1.17 | |
gnu | gnutls | 1.1.18 | |
gnu | gnutls | 1.1.19 | |
gnu | gnutls | 1.1.20 | |
gnu | gnutls | 1.1.21 | |
gnu | gnutls | 1.1.22 | |
gnu | gnutls | 1.1.23 | |
gnu | gnutls | 1.2.0 | |
gnu | gnutls | 1.2.1 | |
gnu | gnutls | 1.2.2 | |
gnu | gnutls | 1.2.3 | |
gnu | gnutls | 1.2.4 | |
gnu | gnutls | 1.2.5 | |
gnu | gnutls | 1.2.6 | |
gnu | gnutls | 1.2.7 | |
gnu | gnutls | 1.2.8 | |
gnu | gnutls | 1.2.8.1a1 | |
gnu | gnutls | 1.2.9 | |
gnu | gnutls | 1.2.10 | |
gnu | gnutls | 1.2.11 | |
gnu | gnutls | 1.3.0 | |
gnu | gnutls | 1.3.1 | |
gnu | gnutls | 1.3.2 | |
gnu | gnutls | 1.3.3 | |
gnu | gnutls | 1.3.4 | |
gnu | gnutls | 1.3.5 | |
gnu | gnutls | 1.4.0 | |
gnu | gnutls | 1.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 
signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339." }, { "lang": "es", "value": "verify.c en GnuTLS anterior a 1.4.4, cuando usamos una llave RSA con exponente 3, no maneja correctamente el exceso de datos en el campo digestAlgorithm.parameters al generar un hash, el cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que es firmada por esa llave RSA y evita que GnuTLS verifique correctamente X.509 y otros certificados que utilicen PKCS, es una variante de CVE-2006-4339." } ], "id": "CVE-2006-4790", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-14T19:07:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21937" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21942" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21973" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22049" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22080" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/22084" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22097" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22226" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22992" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25762" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200609-15.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1016844" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1182" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/20027" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-348-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/3635" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/3899" }, { "source": "secalert@redhat.com", "url": 
"http://www.vupen.com/english/advisories/2007/2289" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-348-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", 
"lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-01 15:29
Modified
2024-11-21 04:42
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE69D892-FC7F-4CBC-ADCD-1A45B18B6827", "versionEndExcluding": "3.6.7", "versionStartIncluding": "3.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages." }, { "lang": "es", "value": "Se descubri\u00f3 en gnutls, antes de la versi\u00f3n 3.6.7 upstream, que hay un acceso de puntero no inicializado en gnutls, en versiones 3.6.3 o posteriores, que puede desencadenarse por determinados mensajes \"post-handshake\"."
} ], "id": "CVE-2019-3836", "lastModified": "2024-11-21T04:42:39.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-01T15:29:01.060", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3600" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third 
Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/issues/704" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201904-14" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190502-0005/" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3999-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/issues/704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201904-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190502-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://usn.ubuntu.com/3999-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-456" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-824" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5EDD6F6-742C-4A59-AFB5-A7BCFB6AA759", "versionEndIncluding": "2.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup." }, { "lang": "es", "value": "gnutls-cli en GnuTLS anteriores a v2.6.6 no verifica la activaci\u00f3n y tiempos de caducidad de los certificados X.509, lo cual permite a atacantes remotos presentar con \u00e9xito un certificado que (1) a\u00fan no es v\u00e1lido o (2) ya no es v\u00e1lido, en relaci\u00f3n con la falta de controles de tiempo en la funci\u00f3n _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls_x509, utilizado por (a) Exim, (b) OpenLDAP y (c) libsoup."
} ], "id": "CVE-2009-1417", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-30T20:30:00.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34842" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35211" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34783" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022159" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35211" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 4, or 5.\n\nFor further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1417\n", "lastModified": "2009-08-11T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-13 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
fedoraproject | fedora | 8 | |
fedoraproject | fedora | 9 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 7.10 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
debian | debian_linux | 4.0 | |
opensuse | opensuse | * | |
suse | linux_enterprise | 10.0 | |
suse | linux_enterprise | 11.0 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CA85285-1376-4569-8EC1-66E1625E258D", "versionEndExcluding": "2.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF141FBE-4CA5-4695-94A0-8BE1309D28CC", "versionEndIncluding": "11.1", "versionStartIncluding": "10.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*", "matchCriteriaId": "AED08A6F-CD23-4405-B1CF-C96BB8AE7D6B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*", "matchCriteriaId": 
"1608E282-2E96-4447-848D-DBE915DB0EF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*", "matchCriteriaId": "38C3AEB0-59E2-400A-8943-60C0A223B680", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN)." }, { "lang": "es", "value": "La funci\u00f3n _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 conf\u00eda en las cadenas de certificado en las que el \u00faltimo certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo \"hombre en el medio\" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN)." 
} ], "id": "CVE-2008-4989", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2008-11-13T01:00:01.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/32619" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32681" }, { "source": 
"cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32687" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32879" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/33501" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/33694" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35423" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200901-10.xml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0322" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1719" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0982.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/498431/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/32232" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1021167" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-678-2" }, { "source": "cve@mitre.org", "tags": [ "Broken 
Link" ], "url": "http://www.vupen.com/english/advisories/2008/3086" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1567" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-2886" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://usn.ubuntu.com/678-1/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/32619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/32879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/33501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/33694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200901-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0982.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/498431/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/32232" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1021167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-678-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2008/3086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2009/1567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://issues.rpath.com/browse/RPL-2886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://usn.ubuntu.com/678-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-22 13:29
Modified
2024-11-21 03:42
Severity ?
Summary
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
canonical | ubuntu_linux | 19.04 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECA0072D-DE2F-467F-9143-371A8CCB9000", "versionEndExcluding": "3.6.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets." }, { "lang": "es", "value": "Se ha detectado que la implementaci\u00f3n GnuTLS de HMAC-SHA-384 era vulnerable a un ataque de estilo Lucky Thirteen. Los atacantes remotos podr\u00edan utilizar este fallo para realizar ataques de distinci\u00f3n y de recuperaci\u00f3n en texto plano mediante an\u00e1lisis estad\u00edsticos de datos temporales mediante paquetes manipulados." } ], "id": "CVE-2018-10845", "lastModified": "2024-11-21T03:42:07.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { 
"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-22T13:29:00.440", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105138" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/747" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3999-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-385" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-16 12:15
Modified
2024-11-21 08:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
fedoraproject | fedora | 39 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4950F54-4C00-423E-9483-239B4B907912", "versionEndExcluding": "3.8.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GnuTLS. Los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. Este problema puede permitir que un atacante remoto realice un ataque de canal lateral de sincronizaci\u00f3n en el intercambio de claves RSA-PSK, lo que podr\u00eda provocar la fuga de datos confidenciales. CVE-2024-0553 est\u00e1 designado como una resoluci\u00f3n incompleta para CVE-2023-5981." 
} ], "id": "CVE-2024-0553", "lastModified": "2024-11-21T08:46:51.507", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-16T12:15:45.557", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0627" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0796" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1108" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0553" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2258412" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240202-0011/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-09 17:30
Modified
2025-04-09 00:30
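Severity: MEDIUM (CVSS v2.0 base score 5.8, vector AV:N/AC:M/Au:N/C:N/I:P/A:P, NVD primary; the record below carries no CVSS v3.x metric)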
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
Impacted products
Vendor | Product | Version | Affected range (from the CPE match data below) |
---|---|---|---|
apache | http_server | * | up to and including 2.2.14 |
gnu | gnutls | * | up to and including 2.8.5 |
mozilla | nss | * | up to and including 3.12.4 |
openssl | openssl | * | up to and including 0.9.8k |
openssl | openssl | 1.0 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 8.10 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 11 | |
fedoraproject | fedora | 12 | |
fedoraproject | fedora | 13 | |
fedoraproject | fedora | 14 | |
f5 | nginx | * | 0.1.0 up to and including 0.8.22 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1BD8600-0EF7-4612-B5C4-E327C0828479", "versionEndIncluding": "2.2.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "38090AC3-C511-4C40-91A5-084CBEC11F34", "versionEndIncluding": "2.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*", "matchCriteriaId": "285433B6-03F9-495E-BACA-AA47A014411C", "versionEndIncluding": "3.12.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB35F63F-7856-42EE-87A6-7EC7F10C2032", "versionEndIncluding": "0.9.8k", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*", "matchCriteriaId": "718F8E8D-0940-4055-A948-96D25C79323B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": 
true }, { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B2E3E1-C2E0-4A4E-A84D-93C456E868E7", "versionEndIncluding": "0.8.22", "versionStartIncluding": "0.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle 
attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue." }, { "lang": "es", "value": "El protocolo TLS y el protocolo SSL v3.0 y posiblemente versiones anteriores, tal y como se usa en Microsoft Internet Information Services (IIS) v7.0, mod_ssl en el servidor HTTP Apache v2.2.14 y anteriores, OpenSSL antes de v0.9.8l, GnuTLS v2.8.5 y anteriores, Mozilla Network Security Services (NSS) v3.12.4 y anteriores, y otros productos, no asocia apropiadamente la renegociaci\u00f3n del Handshake SSL en una conexi\u00f3n existente, lo que permite ataques man-in-the-middle en los que el atacante inserta datos en sesiones HTTPS, y posiblemente otro tipo de sesiones protegidas por SSL o TLS, enviando una petici\u00f3n de autenticaci\u00f3n que es procesada retroactivamente por un servidor en un contexto post-renegociaci\u00f3n. Se trata de un ataque de \"inyecci\u00f3n de texto plano\", tambi\u00e9n conocido como el problema del \"Proyecto Mogul\"." 
} ], "id": "CVE-2009-3555", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-11-09T17:30:00.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://clicky.me/tlsvuln" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://extendedsubset.com/?p=8" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], 
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { 
"source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://osvdb.org/60521" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://osvdb.org/60972" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://osvdb.org/62210" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://osvdb.org/65202" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37291" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37292" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37320" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37383" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37399" }, { "source": "secalert@redhat.com", 
"tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37453" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37501" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37504" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37604" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37640" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37656" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37675" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37859" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38003" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38020" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38056" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38241" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38484" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38687" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38781" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39127" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39136" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39242" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39243" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39278" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39292" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39317" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39461" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39500" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39628" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39632" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39713" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39819" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40070" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40545" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40747" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40866" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41480" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/41490" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41818" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41967" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41972" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42377" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42379" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42467" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42724" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42733" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42808" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42811" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42816" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43308" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44183" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44954" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/48577" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "source": "secalert@redhat.com", 
"tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1023148" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4004" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4170" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4171" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://support.avaya.com/css/P8/documents/100114315" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.citrix.com/article/CTX123359" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.betanews.com/article/1257452450" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "source": "secalert@redhat.com", "tags": [ "Third Party 
Advisory" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.links.org/?p=780" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.links.org/?p=786" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.links.org/?p=789" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.opera.com/support/search/view/944/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party 
Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/36935" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023163" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023204" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023205" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023206" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023207" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023208" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023209" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023210" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023211" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023212" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023213" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023214" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023215" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023216" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023217" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023218" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023219" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023224" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023243" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023270" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023271" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securitytracker.com/id?1023272" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023273" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023274" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023275" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023411" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023426" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023427" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023428" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024789" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "US Government 
Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "source": "secalert@redhat.com", "tags": [ 
"Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://clicky.me/tlsvuln" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://extendedsubset.com/?p=8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/60521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/60972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/62210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/65202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/37859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38020" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/39628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/39819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/40866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/44954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/48577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1023148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://support.citrix.com/article/CTX123359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.betanews.com/article/1257452450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.links.org/?p=780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.links.org/?p=786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.links.org/?p=789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.opera.com/support/search/view/944/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/36935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023275" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1023428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party 
Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555\n\nAdditional information can be found in the Red Hat Knowledgebase article:\nhttp://kbase.redhat.com/faq/docs/DOC-20491", "lastModified": "2009-11-20T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-07 00:10
Modified
2025-04-12 10:46
Severity ?
Summary
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6933E02-FFDA-4A43-B57A-4DAB1562ECAC", "versionEndIncluding": "2.7.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAAA2229-7618-49C1-B420-E0E46DC89D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "63BC1989-DBCD-4006-916D-719A2CD92CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9497DC81-8CFF-44DD-BF0A-D2B5A9482131", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F15C655C-2833-4263-BD99-F31331AC80CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959." }, { "lang": "es", "value": "GnuTLS anterior a 2.7.6, cuando el indicador GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT no est\u00e1 habilitado, trata certificados X.509 de versi\u00f3n 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos, una vulnerabilidad diferente a CVE-2014-1959." 
} ], "id": "CVE-2009-5138", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-07T00:10:53.323", "references": [ { "source": "secalert@redhat.com", "url": "http://article.gmane.org/gmane.comp.security.oss.general/12223" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57254" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57260" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57274" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57321" }, { "source": "secalert@redhat.com", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" }, { "source": "secalert@redhat.com", "url": "http://thread.gmane.org/gmane.comp.security.oss.general/12127" }, { "source": 
"secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.security.oss.general/12223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://thread.gmane.org/gmane.comp.security.oss.general/12127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": 
"https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-26 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "E74CD4C2-9970-4B33-9697-DD51275ADEEC", "versionEndIncluding": "2.12.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D5CEC430-8CFF-4DC5-9B2B-338C401B1984", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"9943C65B-B896-4F7B-BE86-D6D13CF5C6E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*", "matchCriteriaId": "5B36918C-BB8D-4B8E-8868-7726C5ADD4FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." 
}, { "lang": "es", "value": "gnutls_cipher.c en libgnutls en GnuTLS antes de v2.12.17 y v3.x antes de v3.0.15 no maneja adecuadamente los datos cifrados con un cifrado de bloques, lo que permite provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria heap y ca\u00edda de la aplicaci\u00f3n) a atacantes remotos a trav\u00e9s de un registro hecho a mano, como se demuestra por una estructura GenericBlockCipher espec\u00edficamente creada para este fin." } ], "id": "CVE-2012-1573", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-26T19:55:01.390", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "source": "secalert@redhat.com", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "source": "secalert@redhat.com", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "source": "secalert@redhat.com", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/80259" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48488" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48511" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48596" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48712" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57260" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2441" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52667" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026828" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/80259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://secunia.com/advisories/48596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-12 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7DF1A90-D8BB-40B5-B136-39300DB1EFE3", "versionEndIncluding": "2.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libgnutls in GnuTLS before 2.8.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." 
}, { "lang": "es", "value": "libgnutls en GnuTLS versiones anteriores a v2.8.2 no gestiona adecuadamente un car\u00e1cter \u0027\\0\u0027 en el nombre de dominio en los campos de identificaci\u00f3n (1) Common Name (CN) o (2) Subject Alternative Name (SAN) de un certificado X.509, permitiendo que atacantes \"hombre en el medio\" (man-in-the-middle) suplanten servidores SSL de su elecci\u00f3n mediante un certificado modificado que ha sido proporcionado por una Autoridad de Certificaci\u00f3n leg\u00edtima." } ], "id": "CVE-2009-2730", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-12T10:30:01.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://article.gmane.org/gmane.network.gnutls.general/1733" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36266" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36496" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1022777" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409" }, { "source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://article.gmane.org/gmane.network.gnutls.general/1733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-20 14:12
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Off-by-one error in the dane_raw_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 3.2.0 | |
gnu | gnutls | 3.2.1 | |
gnu | gnutls | 3.2.2 | |
gnu | gnutls | 3.2.3 | |
gnu | gnutls | 3.2.4 | |
gnu | gnutls | 3.2.5 | |
gnu | gnutls | 3.1.0 | |
gnu | gnutls | 3.1.1 | |
gnu | gnutls | 3.1.2 | |
gnu | gnutls | 3.1.3 | |
gnu | gnutls | 3.1.4 | |
gnu | gnutls | 3.1.5 | |
gnu | gnutls | 3.1.6 | |
gnu | gnutls | 3.1.7 | |
gnu | gnutls | 3.1.8 | |
gnu | gnutls | 3.1.9 | |
gnu | gnutls | 3.1.10 | |
gnu | gnutls | 3.1.11 | |
gnu | gnutls | 3.1.12 | |
gnu | gnutls | 3.1.13 | |
gnu | gnutls | 3.1.14 | |
gnu | gnutls | 3.1.15 | |
opensuse | opensuse | 13.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "567E66B1-53D9-4A80-A938-2FE5C7CEB985", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466." 
}, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite en dane_raw_tlsa en la librer\u00eda DANE (libdane) de GnuTLS 3.1.x anterior a la versi\u00f3n 3.1.16 y 3.2.x anterior a 3.2.6 permite en servidores remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una respuesta con m\u00e1s de 4 entradas DANE. NOTA: este problema se debe a una soluci\u00f3n incompleta para CVE-2013-4466." } ], "id": "CVE-2013-4487", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-20T14:12:30.447", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/4" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-05 20:55
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "77216B5D-E820-4137-B00F-0B66CD08EEE1", "versionEndExcluding": "3.5.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*", "matchCriteriaId": "2350B15F-7A7A-4BCD-852D-F9999C61DEDF", "versionEndExcluding": "3.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A2FBA9-207F-4F16-932D-BF0BA3440503", "versionEndIncluding": "6.4.0", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C6AC80F-9D91-468D-BEE3-6A0759723673", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo ASN.1 manipulado." 
} ], "id": "CVE-2014-3467", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-05T20:55:06.033", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58591" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58614" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59021" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59057" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59408" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60320" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60415" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61888" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://secunia.com/advisories/59021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/60415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c." 
} ], "id": "CVE-2005-1431", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-03T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/15193" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013861" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/16054" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-430.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13477" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-430.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-28 12:15
Modified
2024-11-21 08:42
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
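A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. The record below classifies this timing difference as an observable discrepancy (CWE-203) and rates its confidentiality impact as high.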
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 1.5.0 | |
redhat | linux | 8.0 | |
redhat | linux | 9.0 | |
fedoraproject | fedora | 37 | |
fedoraproject | fedora | 38 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la que los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto." 
} ], "id": "CVE-2023-5981", "lastModified": "2024-11-21T08:42:54.777", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-28T12:15:07.040", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0155" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0319" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0399" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0451" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5981" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2248445" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-03 13:15
Modified
2024-11-21 04:58
Severity ?
Summary
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
canonical | ubuntu_linux | 19.10 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFED3757-264B-4E8D-B6DD-4E0B47E3BCC1", "versionEndExcluding": "3.6.13", "versionStartIncluding": "3.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 \u0027\\0\u0027 bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol." }, { "lang": "es", "value": "GnuTLS versiones 3.6.x anteriores a 3.6.13, usa una criptograf\u00eda incorrecta para DTLS. La primera versi\u00f3n afectada es 3.6.3 (16-07-2018) debido a un error en un commit del 06-10-2017. El cliente DTLS siempre usa 32 bytes \"\\0\" en lugar de un valor aleatorio y, por lo tanto, no contribuye con la aleatoriedad en una negociaci\u00f3n DTLS. 
Esto rompe las garant\u00edas de seguridad del protocolo DTLS." } ], "id": "CVE-2020-11501", "lastModified": "2024-11-21T04:58:01.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-03T13:15:13.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/960" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202004-06" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200416-0002/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4322-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4652" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202004-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200416-0002/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4322-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 3.3.0 | |
gnu | gnutls | 3.3.0 | |
gnu | gnutls | 3.3.1 | |
gnu | gnutls | 3.3.2 | |
gnu | gnutls | 3.3.3 | |
gnu | gnutls | 3.3.4 | |
gnu | gnutls | 3.3.5 | |
gnu | gnutls | 3.3.6 | |
gnu | gnutls | 3.3.7 | |
gnu | gnutls | 3.3.8 | |
gnu | gnutls | 3.3.9 | |
gnu | gnutls | 3.3.10 | |
gnu | gnutls | 3.3.11 | |
gnu | gnutls | 3.3.12 | |
gnu | gnutls | 3.3.13 | |
gnu | gnutls | 3.3.14 | |
gnu | gnutls | 3.3.15 | |
gnu | gnutls | 3.3.16 | |
gnu | gnutls | 3.4.0 | |
gnu | gnutls | 3.4.1 | |
gnu | gnutls | 3.4.2 | |
gnu | gnutls | 3.4.3 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "BE31FE31-3F85-41F3-9DCB-58A090E63DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "18A0842D-2CAC-4372-80D0-68BCCC28C7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A91948CE-E418-4450-AB62-9078D3A0FBEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D34267DC-A768-4A0F-BB54-74314B70E4F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "160B3AD7-37A3-4A01-B1CD-83E6500E145A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE61F19-A2C3-4FE9-9C5A-D1FB949B6CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDFE7E2-12FC-4819-8615-F76A312E8BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "4993D25F-607B-4486-B9EC-566A1EEBE73B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "9FEF4D26-DD0C-4E67-8901-8B38A51C1FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "49CE4BAE-77EC-469D-9FE2-A807B7E2EC64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "7921C926-450B-4EFF-B610-B8B8FD17AE1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "199F787B-0515-442A-8FFA-7A2D8E145792", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "E6916156-380B-4BF5-A070-8710F728C62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "20A990DC-4934-4466-978B-26105AD2DAC1", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "DEE96D17-4EBB-4AA1-AC55-28E65F18A5A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "F93C125C-331E-450B-879B-2444AE32E022", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "924DABC9-8131-4280-8151-26DC08078E1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "31B28D33-61C9-4A83-B9FF-31EF7A8DB195", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F4DFB1F-772E-4514-B0EC-66923F422797", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "537DB088-69A7-4482-A639-F3F4C44CA79C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A8F38611-4E74-4180-844C-CBD2C3230684", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "461EA8A4-C0C0-4F21-89A0-EACAB34C4C18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate." }, { "lang": "es", "value": "Vulnerabilidad de liberaci\u00f3n doble en GnuTLS en versiones anteriores a la 3.3.17 y 3.4.x versiones anteriores a 3.4.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una entrada DistinguishedName (DN) de gran longitud en un certificado." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e", "id": "CVE-2015-6251", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-24T14:59:10.947", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3334" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76267" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033226" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" }, { "source": "secalert@redhat.com", "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-22 13:29
Modified
2024-11-21 03:42
Severity ?
Summary
A cache-based side channel was found in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime+probe attack with a Lucky-13 attack to recover plaintext using crafted packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * (before 3.6.12) | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
canonical | ubuntu_linux | 19.04 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECA0072D-DE2F-467F-9143-371A8CCB9000", "versionEndExcluding": "3.6.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets." }, { "lang": "es", "value": "Se ha detectado un canal lateral basado en memoria cach\u00e9 en la implementaci\u00f3n GnuTLS que conduce a un ataque de recuperaci\u00f3n de texto plano a trav\u00e9s de una m\u00e1quina virtual. Un atacante podr\u00eda utilizar una combinaci\u00f3n de un ataque \"Just in Time\" Prime+probe con un ataque Lucky-13 para recuperar texto plano usando paquetes manipulados." } ], "id": "CVE-2018-10846", "lastModified": "2024-11-21T03:42:07.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "secalert@redhat.com", "type": "Secondary" } ], 
"cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-22T13:29:00.627", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105138" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/747" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"https://usn.ubuntu.com/3999-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3999-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-385" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-08 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n _gnutls_handshake_hash_buffers_clear de lib/gnutls_handshake.c en libgnutls de GnuTLS 2.3.5 hasta 2.4.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (caida) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de transmisiones TLS de datos que no son usadas apropiadamente cuando las llamadas pares gnutls_handshake dentro de una sesi\u00f3n normal, conducen a intentos de acceso a manejadores libgcrypt no asignados." 
} ], "id": "CVE-2008-2377", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-08-08T19:41:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31505" }, { "source": "secalert@redhat.com", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30713" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2398" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2650" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, or 5.", "lastModified": "2008-08-11T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-26 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * (up to and including 1.2.0) | |
gnu | gnutls | 1.0.16 | |
gnu | gnutls | 1.0.17 | |
gnu | gnutls | 1.0.18 | |
gnu | gnutls | 1.0.19 | |
gnu | gnutls | 1.0.20 | |
gnu | gnutls | 1.0.21 | |
gnu | gnutls | 1.0.22 | |
gnu | gnutls | 1.0.23 | |
gnu | gnutls | 1.0.24 | |
gnu | gnutls | 1.0.25 | |
gnu | gnutls | 1.1.13 | |
gnu | gnutls | 1.1.14 | |
gnu | gnutls | 1.1.15 | |
gnu | gnutls | 1.1.16 | |
gnu | gnutls | 1.1.17 | |
gnu | gnutls | 1.1.18 | |
gnu | gnutls | 1.1.19 | |
gnu | gnutls | 1.1.20 | |
gnu | gnutls | 1.1.21 | |
gnu | gnutls | 1.1.22 | |
gnu | gnutls | 1.1.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "E314F586-A086-480E-9BB9-D75ADDF8416D", "versionEndIncluding": "1.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number." 
}, { "lang": "es", "value": "La funci\u00f3n gnutls_x509_crt_get_serial en la librer\u00eda GnuTLS anterior a v1.2.1, cunado se est\u00e1 ejecutando sobre big-endian, plataformas de 64-bit, llama de a asn1_read_value con un puntero a un tipo de dato err\u00f3neo, y con una longitud err\u00f3nea, lo que permite a atacantes remotos saltarse el control la lista de certificados revocados (CRL) y robocar un desbordamiento de de b\u00fafer basado en pila, a a trav\u00e9s de un certificado X.509 manipulado, relativo a la extracci\u00f3n de un n\u00famero de serie." } ], "evaluatorSolution": "Per: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230\r\n\r\n\"Please note that the problem was solved for GnuTLS 1.2.1, released on\r\n2005-04-04. Also, 32-bit platforms are not affected. I have added\r\ninformation about this on\r\n\r\nhttp://www.gnu.org/software/gnutls/security.html\r\n\r\nso that it contains the complete list of known security flaws. I\u0027m\r\nusing the keyword GNUTLS-SA-2010-1 for this.\"", "id": "CVE-2010-0731", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-26T18:30:00.437", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39127" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], 
"url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38959" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0713" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573028" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=573028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 3.3.0 | |
gnu | gnutls | 3.3.0 (pre0) | |
gnu | gnutls | 3.3.1 | |
gnu | gnutls | 3.3.2 | |
gnu | gnutls | 3.3.3 | |
gnu | gnutls | * (up to and including 3.1.24) | |
gnu | gnutls | 3.1.0 | |
gnu | gnutls | 3.1.1 | |
gnu | gnutls | 3.1.2 | |
gnu | gnutls | 3.1.3 | |
gnu | gnutls | 3.1.4 | |
gnu | gnutls | 3.1.5 | |
gnu | gnutls | 3.1.6 | |
gnu | gnutls | 3.1.7 | |
gnu | gnutls | 3.1.8 | |
gnu | gnutls | 3.1.9 | |
gnu | gnutls | 3.1.10 | |
gnu | gnutls | 3.1.11 | |
gnu | gnutls | 3.1.12 | |
gnu | gnutls | 3.1.13 | |
gnu | gnutls | 3.1.14 | |
gnu | gnutls | 3.1.15 | |
gnu | gnutls | 3.1.16 | |
gnu | gnutls | 3.1.17 | |
gnu | gnutls | 3.1.18 | |
gnu | gnutls | 3.1.19 | |
gnu | gnutls | 3.1.20 | |
gnu | gnutls | 3.1.21 | |
gnu | gnutls | 3.1.22 | |
gnu | gnutls | 3.1.23 | |
gnu | gnutls | 3.2.0 | |
gnu | gnutls | 3.2.1 | |
gnu | gnutls | 3.2.2 | |
gnu | gnutls | 3.2.3 | |
gnu | gnutls | 3.2.4 | |
gnu | gnutls | 3.2.5 | |
gnu | gnutls | 3.2.6 | |
gnu | gnutls | 3.2.7 | |
gnu | gnutls | 3.2.8 | |
gnu | gnutls | 3.2.8.1 | |
gnu | gnutls | 3.2.9 | |
gnu | gnutls | 3.2.10 | |
gnu | gnutls | 3.2.11 | |
gnu | gnutls | 3.2.12 | |
gnu | gnutls | 3.2.12.1 | |
gnu | gnutls | 3.2.13 | |
gnu | gnutls | 3.2.14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "BE31FE31-3F85-41F3-9DCB-58A090E63DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "18A0842D-2CAC-4372-80D0-68BCCC28C7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A91948CE-E418-4450-AB62-9078D3A0FBEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D34267DC-A768-4A0F-BB54-74314B70E4F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "160B3AD7-37A3-4A01-B1CD-83E6500E145A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "B744589A-9113-4CA1-AEDC-364251547524", "versionEndIncluding": "3.1.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0142E0D7-85DD-413B-B176-2FB5E12C2FE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "780D6C0C-2B20-425E-B15E-EE1AF9F28B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "DC2D3896-E095-4889-A9D1-6D8EB2882D64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "425F7D5B-EE8A-46EC-B986-414FB90702C6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "9BC83E92-882B-4984-80FC-FAB7F5CD52E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "8AFAAACF-FD4A-4B1C-A35A-E11189DE2F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "A62B585C-2FC8-448F-97E7-CAC59548B03A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "567E66B1-53D9-4A80-A938-2FE5C7CEB985", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA2186BE-288F-40FD-B634-76D14578E252", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "773043EA-8C41-4F42-9702-660FD6822FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "37E05061-D666-492E-AF2B-CF30FC2FA759", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "68DF059C-4C1D-4B9C-993E-1C4D3510471C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E9A21B6-4A22-4801-8023-45F39EC02576", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "2EA5F76C-3524-4E80-985F-FC74DD20B5E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "FCB890F0-3126-4FDD-8162-AC28754D3D05", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "35CAA298-D755-4668-A568-439532DF7A0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "13B53422-C666-4140-BF8A-EEDB8AC95A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E6B1861D-61C3-469E-B37F-B76758626BCB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n read_server_hello en lib/gnutls_handshake.c en GnuTLS anterior a 3.1.25, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.4 permite a servidores remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un identificador de sesi\u00f3n largo en un mensaje ServerHello." 
} ], "id": "CVE-2014-3466", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-03T14:55:10.257", "references": [ { "source": "secalert@redhat.com", "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "secalert@redhat.com", "url": "http://linux.oracle.com/errata/ELSA-2014-0595.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/58340" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/58598" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/58601" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/58642" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59016" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59021" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59057" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59086" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59408" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59838" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60384" }, { "source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" }, { "source": "secalert@redhat.com", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-2944" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/67741" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030314" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2229-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": 
"https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://linux.oracle.com/errata/ELSA-2014-0595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/59016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2229-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CC336AC-F306-4643-91E0-BA1D4B07DC10", "versionEndExcluding": "2.6.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free." }, { "lang": "es", "value": "lib/pk-libgcrypt.c en libgnutls en GnuTLS anterior a v2.6.6 no maneja correctamente las firmas DSA no v\u00e1lidas, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n) y posiblemente tener otro impacto no especificado a trav\u00e9s de una clave DSA malformada que desencadena (1) una liberaci\u00f3n de un puntero no inicializado o (2) una doble liberaci\u00f3n." 
} ], "id": "CVE-2009-1415", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-30T20:30:00.563", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/34842" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35211" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/34783" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1022157" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": 
"http://www.vupen.com/english/advisories/2009/1218" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/34842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/34783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1022157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": 
"http://www.vupen.com/english/advisories/2009/1218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.", "lastModified": "2009-09-21T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-824" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-16 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mutt:mutt:1.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "89C33B31-B9BC-4E43-8221-219380B4B682", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDA1CA86-1405-4C25-9BC2-5A5E6A76B911", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "2745A1E0-C586-4686-A5AC-C82ABE726D5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack." }, { "lang": "es", "value": "Mutt v1.5.19, enlazado contra (1) OpenSSL (mutt_ssl.c) o (2) GnuTLS (mutt_ssl_gnutls.c), permite conexiones cuando solo se acepta un certificado TLS de la cadena en vez de verificar la cadena completa, lo que permite a atacantes remotos suplantar servidores de confianza a trav\u00e9s de un ataque hombre-en-medio (Man-in-the-middle)." 
} ], "id": "CVE-2009-1390", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-16T21:00:00.343", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35288" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/35288" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5. Only mutt version 1.5.19 was affected by this flaw.", "lastModified": "2009-06-17T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-20 14:12
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | 3.1.0 | |
gnu | gnutls | 3.1.1 | |
gnu | gnutls | 3.1.2 | |
gnu | gnutls | 3.1.3 | |
gnu | gnutls | 3.1.4 | |
gnu | gnutls | 3.1.5 | |
gnu | gnutls | 3.1.6 | |
gnu | gnutls | 3.1.7 | |
gnu | gnutls | 3.1.8 | |
gnu | gnutls | 3.1.9 | |
gnu | gnutls | 3.1.10 | |
gnu | gnutls | 3.1.11 | |
gnu | gnutls | 3.1.12 | |
gnu | gnutls | 3.1.13 | |
gnu | gnutls | 3.1.14 | |
gnu | gnutls | 3.2.0 | |
gnu | gnutls | 3.2.1 | |
gnu | gnutls | 3.2.2 | |
gnu | gnutls | 3.2.3 | |
gnu | gnutls | 3.2.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n dane_query_tlsa de la librer\u00eda DANE (libdane) en GnuTLS 3.1.x anterior a la versi\u00f3n 3.1.15 y 3.2.x anterior a 3.2.5 permite en servidores remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una respuesta que implique m\u00e1s de 4 entradas DANE." 
} ], "id": "CVE-2013-4466", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-20T14:12:30.350", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/10/25/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/10/25/2" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-03 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:2.12.23:*:*:*:*:*:*:*", "matchCriteriaId": "6DA51CCE-8A44-4FAB-A29D-4A7DCDC395EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169." }, { "lang": "es", "value": "La funci\u00f3n _gnutls_ciphertext2compressed en lib/gnutls_cipher.c en GnuTLS 2.12.23, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sobrelectura del b\u00fafer y ca\u00edda) a trav\u00e9s de una longitud de relleno manipulada. NOTA: esto podr\u00eda deberse a una incorrecta correcci\u00f3n del CVE-2013-0169." } ], "id": "CVE-2013-2116", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-03T18:55:01.027", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": 
"secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0883.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53911" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57260" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57274" }, { "source": "secalert@redhat.com", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753" }, { "source": "secalert@redhat.com", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2697" }, { "source": "secalert@redhat.com", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028603" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1843-1" }, { "source": "secalert@redhat.com", "url": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0883.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57260" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1843-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-14 18:59
Modified
2025-04-12 10:46
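Severity: MEDIUM, CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), per the NVD record for CVE-2014-8155 below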
Summary
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0AB4B12-05D9-4428-8238-50A4C77AFADD", "versionEndIncluding": "2.9.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid." }, { "lang": "es", "value": "Vulnerabilidad en GnuTLS en versiones anteriores a 2.9.10, no verifica las fechas de activaci\u00f3n y expiraci\u00f3n de certificados CA, lo que permite a atacantes man-in-the-middle suplantar servidores a trav\u00e9s de un certificado expedido por un certificado CA que (1) a\u00fan no es v\u00e1lido o (2) ya no es v\u00e1lido." } ], "id": "CVE-2014-8155", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-14T18:59:01.347", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/73317" }, { "source": "secalert@redhat.com", "url": "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c" }, { "source": "secalert@redhat.com", "url": 
"https://support.f5.com/csp/article/K53330207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K53330207" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-17" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-24 19:30
Modified
2025-04-11 00:51
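Severity: MEDIUM, CVSS v2 base score 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P), per the NVD record for CVE-2006-7239 below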
Summary
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
gnu | gnutls | 1.0.16 | |
gnu | gnutls | 1.0.17 | |
gnu | gnutls | 1.0.18 | |
gnu | gnutls | 1.0.19 | |
gnu | gnutls | 1.0.20 | |
gnu | gnutls | 1.0.21 | |
gnu | gnutls | 1.0.22 | |
gnu | gnutls | 1.0.23 | |
gnu | gnutls | 1.0.24 | |
gnu | gnutls | 1.0.25 | |
gnu | gnutls | 1.1.13 | |
gnu | gnutls | 1.1.14 | |
gnu | gnutls | 1.1.15 | |
gnu | gnutls | 1.1.16 | |
gnu | gnutls | 1.1.17 | |
gnu | gnutls | 1.1.18 | |
gnu | gnutls | 1.1.19 | |
gnu | gnutls | 1.1.20 | |
gnu | gnutls | 1.1.21 | |
gnu | gnutls | 1.1.22 | |
gnu | gnutls | 1.1.23 | |
gnu | gnutls | 1.2.0 | |
gnu | gnutls | 1.2.1 | |
gnu | gnutls | 1.2.2 | |
gnu | gnutls | 1.2.3 | |
gnu | gnutls | 1.2.4 | |
gnu | gnutls | 1.2.5 | |
gnu | gnutls | 1.2.6 | |
gnu | gnutls | 1.2.7 | |
gnu | gnutls | 1.2.8 | |
gnu | gnutls | 1.2.8.1a1 | |
gnu | gnutls | 1.2.9 | |
gnu | gnutls | 1.2.10 | |
gnu | gnutls | 1.2.11 | |
gnu | gnutls | 1.3.0 | |
gnu | gnutls | 1.3.1 | |
gnu | gnutls | 1.3.2 | |
gnu | gnutls | 1.3.3 | |
gnu | gnutls | 1.3.4 | |
gnu | gnutls | 1.3.5 | |
gnu | gnutls | 1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABCDA0A7-FF39-42BC-977D-52EDDBF7B473", "versionEndIncluding": "1.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference." }, { "lang": "es", "value": "La funci\u00f3n _gnutls_x509_oid2mac_algorithm en lib/gnutls_algorithms.c de GnuTLS anterior a v1.4.2. Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un certificado X.509 manipulado que utiliza un algoritmo hash no soportado por GnuTLS, lo que provoca una deferencia a puntero nulo." } ], "id": "CVE-2006-7239", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-24T19:30:01.270", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnu.org/software/gnutls/security.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
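Severity: HIGH, CVSS v2 base score 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C), per the NVD record for CVE-2004-2531 below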
Summary
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys." } ], "id": "CVE-2004-2531", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12156" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1010838" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hornik.sk/SA/SA-20040802.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/8278" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10839" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1010838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hornik.sk/SA/SA-20040802.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/8278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/10839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-07 00:10
Modified
2025-04-12 10:46
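Severity: MEDIUM, CVSS v2 base score 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N), per the NVD record for CVE-2014-1959 below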
Summary
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
gnu | gnutls | 3.1.0 | |
gnu | gnutls | 3.1.1 | |
gnu | gnutls | 3.1.2 | |
gnu | gnutls | 3.1.3 | |
gnu | gnutls | 3.1.4 | |
gnu | gnutls | 3.1.5 | |
gnu | gnutls | 3.1.6 | |
gnu | gnutls | 3.1.7 | |
gnu | gnutls | 3.1.8 | |
gnu | gnutls | 3.1.9 | |
gnu | gnutls | 3.1.10 | |
gnu | gnutls | 3.1.11 | |
gnu | gnutls | 3.1.12 | |
gnu | gnutls | 3.1.13 | |
gnu | gnutls | 3.1.14 | |
gnu | gnutls | 3.1.15 | |
gnu | gnutls | 3.1.16 | |
gnu | gnutls | 3.1.17 | |
gnu | gnutls | 3.1.18 | |
gnu | gnutls | 3.1.19 | |
gnu | gnutls | * | |
gnu | gnutls | 3.2.0 | |
gnu | gnutls | 3.2.1 | |
gnu | gnutls | 3.2.2 | |
gnu | gnutls | 3.2.3 | |
gnu | gnutls | 3.2.4 | |
gnu | gnutls | 3.2.5 | |
gnu | gnutls | 3.2.6 | |
gnu | gnutls | 3.2.7 | |
gnu | gnutls | 3.2.8 | |
gnu | gnutls | 3.2.8.1 | |
gnu | gnutls | 3.2.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEE872CF-664D-4DD8-89DF-92A8A56B6CC8", "versionEndIncluding": "3.1.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CB23D13-94D2-4FAE-AB76-8574E35E02AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D45B0F5E-B4E1-471E-8CDD-85E09837839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F430F4C6-A738-4E02-BE76-041F71335E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F272E2DC-7E54-4034-B7BA-30966D57CDFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "64EE97BB-D0EE-444A-96FA-D127892216F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": 
"FB28F388-DE19-4C25-A838-949CA926C31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DCAA09-7E8C-4C3E-901F-641681AA9E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "435C588C-A478-4FB8-A47D-2605CB39C331", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "0142E0D7-85DD-413B-B176-2FB5E12C2FE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "780D6C0C-2B20-425E-B15E-EE1AF9F28B31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "DC2D3896-E095-4889-A9D1-6D8EB2882D64", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "56EE0AAB-C99F-4FB3-8DBA-D58B47BD19DD", "versionEndIncluding": "3.2.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "827A375E-8045-4A81-AB7C-11A89E862518", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEC1076D-2249-406B-9D43-B24764BBE007", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F039CD91-0FF6-4640-B981-20A3F9384A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8008DADD-DB6C-4C67-B333-0DC4C7152B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E811B-4EED-4B6A-8836-5405F7F5A53D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "567E66B1-53D9-4A80-A938-2FE5C7CEB985", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA2186BE-288F-40FD-B634-76D14578E252", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "773043EA-8C41-4F42-9702-660FD6822FD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "37E05061-D666-492E-AF2B-CF30FC2FA759", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "68DF059C-4C1D-4B9C-993E-1C4D3510471C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates." }, { "lang": "es", "value": "lib/x509/verify.c en GnuTLS anterior a 3.1.21 y 3.2.x anterior a 3.2.11 trata certificados X.509 de versi\u00f3n 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos." 
} ], "id": "CVE-2014-1959", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-07T00:10:57.620", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q1/344" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q1/345" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2866" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65559" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2121-1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q1/344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q1/345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.gnutls.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-2121-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:37
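Severity: MEDIUM, CVSS v3.1 base score 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), per the NVD record for CVE-2021-4209 below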
Summary
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux | 8.0 | |
netapp | active_iq_unified_manager | - | |
netapp | solidfire_\&_hci_management_node | - | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7F5A2FE-408A-4E36-BC95-40E502C06682", "versionEndExcluding": "3.7.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "84574629-EB00-4235-8962-45070F3C9F6A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances." }, { "lang": "es", "value": "Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualizaci\u00f3n de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. 
Este fallo conlleva a una denegaci\u00f3n de servicio tras la autenticaci\u00f3n en raras circunstancias." } ], "id": "CVE-2021-4209", "lastModified": "2024-11-21T06:37:09.190", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-24T16:15:09.927", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4209" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2025-04-20 01:37
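Severity: HIGH, CVSS v3.0 base score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); CVSS v2 base score 5.0, MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P), per the NVD record for CVE-2017-5335 below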
Summary
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BCB1A63-F2CF-474F-AAF6-CE225C58B765", "versionEndIncluding": "3.3.25", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2434168D-05A8-4300-9069-C55566A5EAA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "71805931-872A-4F1A-A8B4-82347C2EF90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1A489C2-4824-4133-83E0-625AA454E959", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C8D38B82-82A7-4943-BE1C-77EC707289D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "850A1174-F1E7-47EA-AF71-FEB6C4379EDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP 
certificate." }, { "lang": "es", "value": "Las funciones de lectura de flujo en lib/opencdk/read-packet.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de memoria y error) Certificado OpenPGP." } ], "id": "CVE-2017-5335", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-24T15:59:00.810", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "security@debian.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party 
Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95374" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037576" }, { "source": "security@debian.org", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1037576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "https://security.gentoo.org/glsa/201702-04" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-30 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.x before 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "3306EB88-CE4C-4D5E-BE35-53DE6DEC5C3C", "versionEndExcluding": "2.6.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "66221847-4F1D-4F26-8916-731BDFE5B3A9", "versionEndExcluding": "2.7.4", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "A21F310D-7D9F-45D7-974D-C615F99FBEB8", "versionEndExcluding": "3.12.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "06458D9A-4AB2-4B8A-8902-D2A285801347", "versionEndIncluding": "0.9.8k", "versionStartIncluding": "0.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large." }, { "lang": "es", "value": "La librer\u00eda Network Security Services (NSS) en versiones anteriores a 3.12.3, como se utiliza en Firefox; GnuTLS en versiones anteriores a 2.6.4 y 2.7.4; OpenSSL 0.9.8 hasta la versi\u00f3n 0.9.8k; y otros productos que soportan MD2 con certificados X.509, lo que podr\u00edan permitir a atacantes remotos falsificar certificados usando defectos de dise\u00f1o de MD2 para generar una colisi\u00f3n de hash en menos que tiempo que con fuerza bruta. NOTA: el alcance de este problema est\u00e1 actualmente limitado porque la cantidad de computaci\u00f3n requerida es todav\u00eda grande." 
} ], "id": "CVE-2009-2409", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-30T19:30:00.343", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36139" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36157" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36434" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/36669" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/36739" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/37386" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42467" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT3937" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1874" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id?1022631" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/3184" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://usn.ubuntu.com/810-2/" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.debian.org/security/2009/dsa-1888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/36669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/36739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/37386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/42467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://support.apple.com/kb/HT3937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2009/dsa-1874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id?1022631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://usn.ubuntu.com/810-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.debian.org/security/2009/dsa-1888" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-27 18:29
Modified
2024-11-21 04:42
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7: a memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later, prior to 3.6.7, is affected.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
fedoraproject | fedora | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "521F9E87-9015-43E4-A036-B7E26B96E06B", "versionEndExcluding": "3.6.7", "versionStartIncluding": "3.5.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected." }, { "lang": "es", "value": "Se ha descubierto una vulnerabilidad en gnutls, desde la versi\u00f3n 3.5.8 hasta antes de la 3.6.7. Hay una vulnerabilidad de corrupci\u00f3n de memoria (doble liberaci\u00f3n o \"double free\") en la API de verificaci\u00f3n de certificados. Cualquier aplicaci\u00f3n cliente o servidor que verifica certificados X.509 con GnuTLS en versiones 3.5.8 o posteriores se ha visto afectada." 
} ], "id": "CVE-2019-3829", "lastModified": "2024-11-21T04:42:37.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-27T18:29:00.693", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3600" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/issues/694" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201904-14" }, { "source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20190619-0004/" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3999-1/" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://gitlab.com/gnutls/gnutls/issues/694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201904-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20190619-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3999-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-415" }, { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-03 14:29
Modified
2024-11-21 03:53
Severity ?
Summary
A Bleichenbacher-type, side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3BD288F-03CF-4D4B-ACFD-285972068291", "versionEndIncluding": "3.6.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server." }, { "lang": "es", "value": "Se ha detectado un ataque de or\u00e1culo de relleno basado en canales laterales de tipo Bleichenbacher en la manera en la que gnutls maneja la verificaci\u00f3n de los datos PKCS#1 v1.5 descifrados de un cifrado RSA. Un atacante que sea capaz de ejecutar un proceso en el mismo n\u00facleo f\u00edsico que el proceso v\u00edctima podr\u00eda usarlo para extraer texto plano o, en algunos casos, desactualizar algunas conexiones TLS a un servidor vulnerable." 
} ], "id": "CVE-2018-16868", "lastModified": "2024-11-21T03:53:29.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.3, "impactScore": 4.0, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 0.4, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-03T14:29:00.333", "references": [ { "source": "secalert@redhat.com", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://cat.eyalro.net/" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { 
"source": "secalert@redhat.com", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106080" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://cat.eyalro.net/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-01 14:15
Modified
2024-11-21 07:01
Severity ?
Summary
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of PKCS#7 signatures in the gnutls_pkcs7_verify function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "8704EA12-AC39-4E61-808D-D24D017CF541", "versionEndExcluding": "3.7.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function." }, { "lang": "es", "value": "Una vulnerabilidad encontrada en gnutls. 
Este fallo de seguridad es producida por un error de doble liberaci\u00f3n durante la verificaci\u00f3n de firmas pkcs7 en la funci\u00f3n gnutls_pkcs7_verify" } ], "id": "CVE-2022-2509", "lastModified": "2024-11-21T07:01:08.500", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-01T14:15:09.890", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-2509" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2022-2509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5203" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-20 14:15
Modified
2024-11-21 02:38
Severity ?
Summary
GnuTLS incorrectly validates the first byte of padding in CBC modes
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | gnutls | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30D5FDF-10E2-42E3-8D48-3BC6BEB0EFE2", "versionEndIncluding": "2.12.24", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS incorrectly validates the first byte of padding in CBC modes" }, { "lang": "es", "value": "GnuTLS comprueba incorrectamente el primer byte de relleno en los modos CBC" } ], "id": "CVE-2015-8313", "lastModified": "2024-11-21T02:38:16.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-20T14:15:11.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3408" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/537012/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/78327" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-8313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/537012/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/78327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-8313" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-16 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "6117AAF1-2C27-4ED7-9C7A-F5A57FA2EC0A", "versionEndIncluding": "3.5.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application." }, { "lang": "es", "value": "GnuTLS versi\u00f3n 3.5.12 y anteriores, es vulnerable a una desreferencia del puntero NULL durante la descodificaci\u00f3n de una extensi\u00f3n TLS de respuesta de estado con contenido v\u00e1lido. Esto podr\u00eda conllevar a un bloqueo de la aplicaci\u00f3n del servidor GnuTLS." } ], "id": "CVE-2017-7507", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2017-06-16T19:29:00.190", "references": [ { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2017/dsa-3884" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99102" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2025-04-09 00:30
Severity ?
Summary
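The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. [Note: the CPE configuration for this entry also marks 2.2.4, 2.2.5 and 2.3.0 through 2.3.11 as vulnerable, which does not agree with "before 2.2.4"; confirm the fixed release against the GNUTLS-SA-2008-1-2 advisory before relying on either.]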
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"86C70F69-FB80-4F32-A798-71A5153E6C29", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2." }, { "lang": "es", "value": "La funci\u00f3n _gnutls_recv_client_kx_message en lib/gnutls_kx.c de libgnutls en gnutls-serv de GnuTLS versiones anteriores a la 2.2.4 contin\u00faa procesando los mensajes Client Hello dentro de un mensaje TLS despu\u00e9s de que uno ya haya sido procesado, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia NULL y ca\u00edda) a trav\u00e9s de un mensaje TLS que contiene m\u00faltiples mensajes Hello Client, tambi\u00e9n conocida como GNUTLS-SA-2008-1-2." 
} ], "id": "CVE-2008-1949", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-05-21T13:24:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30287" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30302" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30317" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30324" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30330" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/30331" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30338" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30355" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31939" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3902" }, { "source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/252626" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/29292" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020058" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30287" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/252626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-4989 (GCVE-0-2008-4989)
Vulnerability from cvelistv5
Published
2008-11-13 00:00
Modified
2024-08-07 10:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:28.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2008:227", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227" }, { "name": "USN-678-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-678-2" }, { "name": "33694", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33694" }, { "name": "GLSA-200901-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200901-10.xml" }, { "name": "RHSA-2008:0982", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0982.html" }, { "name": "USN-678-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/678-1/" }, { "name": "20081117 rPSA-2008-0322-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498431/100/0/threaded" }, { "name": "[gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215" }, { "name": "[gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0322" }, { "name": "32687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/32687" }, { "name": "FEDORA-2008-9600", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2886" }, { "name": "35423", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35423" }, { "name": "SUSE-SR:2008:027", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "name": "32232", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32232" }, { "name": "1021167", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021167" }, { "name": "260528", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1" }, { "name": "33501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33501" }, { "name": "32879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32879" }, { "name": "ADV-2009-1567", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1567" }, { "name": "32619", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32619" }, { "name": "ADV-2008-3086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3086" }, { "name": "32681", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32681" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11650", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650" }, { "name": "DSA-1719", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1719" }, { "name": "FEDORA-2008-9530", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html" }, { "name": "gnutls-x509-name-spoofing(46482)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2008:227", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227" }, { "name": "USN-678-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-678-2" }, { "name": "33694", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33694" }, { "name": "GLSA-200901-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200901-10.xml" }, { "name": "RHSA-2008:0982", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0982.html" }, { "name": "USN-678-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/678-1/" }, { "name": "20081117 rPSA-2008-0322-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498431/100/0/threaded" }, { "name": "[gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215" }, { "name": "[gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0322" }, { "name": "32687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32687" }, { "name": "FEDORA-2008-9600", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2886" }, { "name": "35423", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35423" }, { "name": "SUSE-SR:2008:027", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "name": "32232", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32232" }, { "name": "1021167", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021167" }, { "name": "260528", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1" }, { "name": "33501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33501" }, { "name": "32879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32879" }, { "name": "ADV-2009-1567", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1567" }, { "name": "32619", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32619" }, { "name": "ADV-2008-3086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3086" }, { "name": "32681", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32681" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11650", "tags": [ "vdb-entry", "signature", 
"x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650" }, { "name": "DSA-1719", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1719" }, { "name": "FEDORA-2008-9530", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html" }, { "name": "gnutls-x509-name-spoofing(46482)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2008:227", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227" }, { "name": "USN-678-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-678-2" }, { "name": "33694", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33694" }, { "name": "GLSA-200901-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200901-10.xml" }, { "name": "RHSA-2008:0982", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0982.html" }, { "name": "USN-678-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/678-1/" }, { "name": "20081117 rPSA-2008-0322-1 gnutls", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498431/100/0/threaded" }, { "name": "[gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215" }, { "name": "[gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0322", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0322" }, { "name": "32687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32687" }, { "name": "FEDORA-2008-9600", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "https://issues.rpath.com/browse/RPL-2886", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2886" }, { "name": "35423", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/35423" }, { "name": "SUSE-SR:2008:027", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "name": "32232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32232" }, { "name": "1021167", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021167" }, { "name": "260528", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1" }, { "name": "33501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33501" }, { "name": "32879", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32879" }, { "name": "ADV-2009-1567", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1567" }, { "name": "32619", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32619" }, { "name": "ADV-2008-3086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3086" }, { "name": "32681", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32681" }, { "name": "SUSE-SR:2009:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11650", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650" }, { "name": "DSA-1719", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1719" }, { "name": "FEDORA-2008-9530", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html" }, { "name": "gnutls-x509-name-spoofing(46482)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4989", "datePublished": "2008-11-13T00:00:00", "dateReserved": 
"2008-11-06T00:00:00", "dateUpdated": "2024-08-07T10:31:28.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8155 (GCVE-0-2014-8155)
Vulnerability from cvelistv5
Published
2015-08-14 18:00
Modified
2024-08-06 13:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:10:50.869Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "73317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73317" }, { "name": "RHSA-2015:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K53330207" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-08T21:06:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "73317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73317" }, { "name": "RHSA-2015:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K53330207" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8155", "datePublished": "2015-08-14T18:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-0567 (GCVE-0-2024-0567)
Vulnerability from cvelistv5
Published
2024-01-16 14:01
Modified
2025-06-02 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
References
Impacted products
Vendor | Product | Version
---|---|---
(not given) | gnutls | Version: 3.8.0 ≤ (affected below 3.8.3, per the `lessThan` value in the record that follows)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3" }, { "name": "RHSA-2024:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "name": "RHSA-2024:1082", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "name": "RHSA-2024:1383", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0567" }, { "name": "RHBZ#2258544", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240202-0011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-0567", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T18:37:07.175566Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-02T15:11:14.512Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/gnutls/gnutls", "defaultStatus": "unaffected", "packageName": "gnutls", "versions": [ { "lessThan": "3.8.3", "status": "affected", "version": "3.8.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": 
"affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/cephcsi-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-37", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-core-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-68", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-39", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { 
"lessThan": "*", "status": "unaffected", "version": "v4.15.0-58", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-13", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-metrics-exporter-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-81", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-79", "versionType": "rpm" } ] }, { "collectionURL": 
"https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cli-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-57", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cosi-sidecar-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": 
"affected", "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-54", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-must-gather-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-26", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red 
Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-cluster-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-hub-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-21", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/rook-ceph-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-103", "versionType": "rpm" } ] }, { 
"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", 
"packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": 
"v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": 
"affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "cockpit", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "cockpit", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "cockpit", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:3.11" ], "defaultStatus": "unaffected", "packageName": "cockpit", "product": "Red Hat OpenShift Container Platform 3.11", "vendor": "Red Hat" } ], 
"datePublic": "2024-01-16T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:10:26.501Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "name": "RHSA-2024:1082", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "name": "RHSA-2024:1383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0567" }, { "name": "RHBZ#2258544", 
"tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258544" }, { "url": "https://gitlab.com/gnutls/gnutls/-/issues/1521" }, { "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" } ], "timeline": [ { "lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: rejects certificate chain with distributed trust", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0567", "datePublished": "2024-01-16T14:01:59.178Z", "dateReserved": "2024-01-16T04:02:22.392Z", "dateUpdated": "2025-06-02T15:11:14.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10845 (GCVE-0-2018-10845)
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-08-05 07:46
CWE
Summary
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://eprint.iacr.org/2018/747" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "name": "RHSA-2018:3505", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "name": "105138", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105138" }, { "name": "RHSA-2018:3050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": 
"n/a" } ] } ], "datePublic": "2018-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-385", "description": "CWE-385", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T05:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845" }, { "tags": [ "x_refsource_MISC" ], "url": "https://eprint.iacr.org/2018/747" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "name": "RHSA-2018:3505", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "name": "105138", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105138" }, { "name": "RHSA-2018:3050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10845", "datePublished": "2018-08-22T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1415 (GCVE-0-2009-1415)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
CWE
- n/a
Summary
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "gnutls-libgnutls-dos(50445)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445" }, { "name": "[gnutls-devel] 20090423 Re: some crashes on using DSA keys", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502" }, { "name": "[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515" }, { "name": "gnutls-dsa-code-execution(50257)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488" }, { "name": "gnutls-dsa-dos(50260)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260" }, { "name": "ADV-2009-1218", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "1022157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022157" }, { "name": "34842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "gnutls-libgnutls-dos(50445)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445" }, { "name": "[gnutls-devel] 20090423 Re: some crashes on using DSA keys", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502" }, { "name": "[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515" }, { "name": "gnutls-dsa-code-execution(50257)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488" }, { "name": "gnutls-dsa-dos(50260)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260" }, { "name": "ADV-2009-1218", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "1022157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022157" }, { "name": "34842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "gnutls-libgnutls-dos(50445)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445" }, { "name": "[gnutls-devel] 20090423 Re: some crashes on using DSA keys", "refsource": "MLIST", "url": "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502" }, { "name": "[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515" }, { "name": "gnutls-dsa-code-execution(50257)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257" }, { "name": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488", "refsource": "CONFIRM", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488" }, { "name": "gnutls-dsa-dos(50260)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260" }, { "name": "ADV-2009-1218", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "1022157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022157" }, { "name": "34842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1415", 
"datePublished": "2009-04-30T20:00:00", "dateReserved": "2009-04-24T00:00:00", "dateUpdated": "2024-08-07T05:13:25.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1949 (GCVE-0-2008-1949)
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:41
CWE
- n/a
Summary
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30331" }, { "name": "oval:org.mitre.oval:def:9519", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519" }, { "name": "31939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "30324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30330" }, { "name": "ADV-2008-1582", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "FEDORA-2008-4259", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "30287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "gnutls-gnutlsrecvclientkxmessage-bo(42530)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530" }, { "name": "FEDORA-2008-4183", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "1020058", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020058" }, { "name": "MDVSA-2008:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "name": "VU#252626", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/252626" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "30331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30331" }, { "name": "oval:org.mitre.oval:def:9519", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519" }, { "name": "31939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "30324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30330" }, { "name": "ADV-2008-1582", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "FEDORA-2008-4259", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "30287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "gnutls-gnutlsrecvclientkxmessage-bo(42530)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530" }, { "name": "FEDORA-2008-4183", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "1020058", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020058" }, { "name": "MDVSA-2008:106", "tags": [ 
"vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "name": "VU#252626", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/252626" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-1949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30331", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30331" }, { "name": "oval:org.mitre.oval:def:9519", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519" }, { "name": "31939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558", 
"refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "30324", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30330" }, { "name": "ADV-2008-1582", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "FEDORA-2008-4259", "refsource": "FEDORA", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3902" }, { "name": "https://issues.rpath.com/browse/RPL-2552", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "30287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30287" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "name": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html", "refsource": "MISC", "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "gnutls-gnutlsrecvclientkxmessage-bo(42530)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530" }, { "name": "FEDORA-2008-4183", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "1020058", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020058" }, { "name": "MDVSA-2008:106", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" }, { "name": "VU#252626", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/252626" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1949", "datePublished": "2008-05-21T10:00:00", "dateReserved": "2008-04-24T00:00:00", "dateUpdated": "2024-08-07T08:41:00.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0361 (GCVE-0-2023-0361)
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2025-03-19 17:45
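Severity: 7.4 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N, as scored in the CISA ADP container of the record below)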
VLAI Severity ?
EPSS score ?
CWE
- side-channel (the CISA ADP container of the record below classifies this as CWE-203 Observable Discrepancy)
Summary
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-0361" }, { "tags": [ "x_transferred" ], "url": "https://github.com/tlsfuzzer/tlsfuzzer/pull/679" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1050" }, { "name": "[debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html" }, { "name": "FEDORA-2023-1c4a6a47ae", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/" }, { "name": "FEDORA-2023-5b378b82b3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/" }, { "name": "FEDORA-2023-4fc4c33f2b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0005/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { 
"content": { "id": "CVE-2023-0361", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-19T17:44:58.972211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-19T17:45:36.732Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "n/a", "versions": [ { "status": "affected", "version": "gnutls-3.7.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "side-channel", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-25T00:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-0361" }, { "url": "https://github.com/tlsfuzzer/tlsfuzzer/pull/679" }, { "url": "https://gitlab.com/gnutls/gnutls/-/issues/1050" }, { "name": "[debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html" }, { "name": "FEDORA-2023-1c4a6a47ae", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/" }, { "name": "FEDORA-2023-5b378b82b3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/" }, { "name": "FEDORA-2023-4fc4c33f2b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/" }, { "url": "https://security.netapp.com/advisory/ntap-20230324-0005/" }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-0361", "datePublished": "2023-02-15T00:00:00.000Z", "dateReserved": "2023-01-18T00:00:00.000Z", "dateUpdated": "2025-03-19T17:45:36.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-6251 (GCVE-0-2015-6251)
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 07:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:15:13.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" }, { "name": "openSUSE-SU-2015:1499", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" }, { "name": "1033226", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033226" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" }, { "name": "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1" }, { "name": "76267", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76267" }, { "name": "FEDORA-2015-13287", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" }, { "name": "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6" }, { "name": "DSA-3334", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3334" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": 
"n/a" } ] } ], "datePublic": "2015-08-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" }, { "name": "openSUSE-SU-2015:1499", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" }, { "name": "1033226", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033226" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" }, { "name": "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1" }, { "name": "76267", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76267" }, { "name": "FEDORA-2015-13287", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" }, { "name": "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6" }, { "name": "DSA-3334", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"http://www.debian.org/security/2015/dsa-3334" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-6251", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251902" }, { "name": "openSUSE-SU-2015:1499", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html" }, { "name": "1033226", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033226" }, { "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3" }, { "name": "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/10/1" }, { "name": "76267", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76267" }, { "name": "FEDORA-2015-13287", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12", "refsource": "CONFIRM", "url": 
"https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12" }, { "name": "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/17/6" }, { "name": "DSA-3334", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3334" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-6251", "datePublished": "2015-08-24T14:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2531 (GCVE-0-2004-2531)
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
CWE
- n/a
Summary
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:29:13.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1010838", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010838" }, { "name": "8278", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/8278" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hornik.sk/SA/SA-20040802.txt" }, { "name": "gnutls-rsa-key-size-dos(16858)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" }, { "name": "10839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10839" }, { "name": "[gnutls-dev] 20040802 gnutls 1.0.17", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" }, { "name": "12156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1010838", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010838" }, { "name": "8278", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/8278" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hornik.sk/SA/SA-20040802.txt" }, { "name": "gnutls-rsa-key-size-dos(16858)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" }, { "name": "10839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10839" }, { "name": "[gnutls-dev] 20040802 gnutls 1.0.17", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" }, { "name": "12156", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1010838", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010838" }, { "name": "8278", "refsource": "OSVDB", "url": "http://www.osvdb.org/8278" }, { "name": "http://www.hornik.sk/SA/SA-20040802.txt", "refsource": "MISC", "url": "http://www.hornik.sk/SA/SA-20040802.txt" }, { "name": "gnutls-rsa-key-size-dos(16858)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" }, { "name": "10839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10839" }, { "name": "[gnutls-dev] 20040802 gnutls 1.0.17", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" }, { "name": "12156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12156" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2531", "datePublished": "2005-10-25T04:00:00", "dateReserved": "2005-10-25T00:00:00", "dateUpdated": "2024-08-08T01:29:13.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2730 (GCVE-0-2009-2730)
Vulnerability from cvelistv5
Published
2009-08-12 10:00
Modified
2024-08-07 05:59
Severity ?
CWE
- n/a
Summary
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:57.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:8409", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409" }, { "name": "1022777", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022777" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6" }, { "name": "RHSA-2009:1232", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html" }, { "name": "SUSE-SR:2009:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "name": "36496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36496" }, { "name": "oval:org.mitre.oval:def:10778", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778" }, { "name": "36266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36266" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "gnutls-cn-san-security-bypass(52404)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://article.gmane.org/gmane.network.gnutls.general/1733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "libgnutls in GnuTLS before 2.8.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:8409", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409" }, { "name": "1022777", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022777" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6" }, { "name": "RHSA-2009:1232", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html" }, { "name": "SUSE-SR:2009:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "name": "36496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36496" }, { "name": "oval:org.mitre.oval:def:10778", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778" }, { "name": "36266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36266" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": 
"gnutls-cn-san-security-bypass(52404)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://article.gmane.org/gmane.network.gnutls.general/1733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libgnutls in GnuTLS before 2.8.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:8409", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409" }, { "name": "1022777", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022777" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6" }, { "name": "RHSA-2009:1232", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html" }, { "name": "SUSE-SR:2009:015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "name": "36496", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36496" }, { "name": "oval:org.mitre.oval:def:10778", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778" }, { "name": "36266", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36266" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "gnutls-cn-san-security-bypass(52404)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404" }, { "name": "RHSA-2010:0095", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "http://article.gmane.org/gmane.network.gnutls.general/1733", "refsource": "CONFIRM", "url": 
"http://article.gmane.org/gmane.network.gnutls.general/1733" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2730", "datePublished": "2009-08-12T10:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T05:59:57.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-32990 (GCVE-0-2025-32990)
Vulnerability from cvelistv5
Published
2025-07-10 09:41
Modified
2025-08-15 19:48
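Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (CNA score; Red Hat severity rating: Moderate)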
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
References
Impacted products
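Vendor | Product | Version
---|---|---
(not given) | libgnutls (https://www.gnutls.org/) | affected: 0 ≤ version < 3.8.10 (semver); otherwise unaffected
Red Hat | Red Hat Enterprise Linux 10 | package gnutls: affected
Red Hat | Red Hat Enterprise Linux 6 | package gnutls: unknown
Red Hat | Red Hat Enterprise Linux 7 | package gnutls: unknown
Red Hat | Red Hat Enterprise Linux 8 | package gnutls: affected
Red Hat | Red Hat Enterprise Linux 9 | package gnutls: affected
Red Hat | Red Hat OpenShift Container Platform 4 | package rhcos: affected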
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-32990", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-10T14:06:53.044401Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-10T14:08:18.960Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.gnutls.org/", "defaultStatus": "unaffected", "packageName": "libgnutls", "versions": [ { "lessThan": "3.8.10", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": 
"https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2025-07-09T07:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-15T19:48:12.754Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-32990" }, { "name": "RHBZ#2359620", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620" } ], "timeline": [ { "lang": "en", "time": "2025-04-15T01:21:36.656000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-07-09T07:00:00+00:00", "value": "Made public." 
} ], "title": "Gnutls: vulnerability in gnutls certtool template parsing", "workarounds": [ { "lang": "en", "value": "Currently, no mitigation is available for this vulnerability." } ], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-32990", "datePublished": "2025-07-10T09:41:46.211Z", "dateReserved": "2025-04-15T01:31:12.104Z", "dateUpdated": "2025-08-15T19:48:12.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-3829 (GCVE-0-2019-3829)
Vulnerability from cvelistv5
Published
2019-03-27 17:24
Modified
2024-08-04 19:19
Severity
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (CNA score)
CWE
- CWE-416 (the CWE assigned in the record; the summary describes a double free)
Summary
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
References
Impacted products
Vendor | Product | Version
---|---|---
gnutls | gnutls | affected from 3.5.8; fixed in 3.6.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/issues/694" }, { "name": "FEDORA-2019-971ded6f90", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/" }, { "name": "FEDORA-2019-e8c1cf958f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/" }, { "name": "FEDORA-2019-46df367eed", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "name": "GLSA-201904-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201904-14" }, { "name": "openSUSE-SU-2019:1353", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190619-0004/" }, { "name": "RHSA-2019:3600", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"https://access.redhat.com/errata/RHSA-2019:3600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "gnutls", "versions": [ { "status": "affected", "version": "fixed in 3.6.7" }, { "status": "affected", "version": "affected from 3.5.8" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-06T00:08:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/issues/694" }, { "name": "FEDORA-2019-971ded6f90", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/" }, { "name": "FEDORA-2019-e8c1cf958f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/" }, { "name": "FEDORA-2019-46df367eed", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "name": "GLSA-201904-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201904-14" }, { "name": "openSUSE-SU-2019:1353", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190619-0004/" }, { "name": "RHSA-2019:3600", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gnutls", "version": { "version_data": [ { "version_value": "fixed in 3.6.7" }, { "version_value": "affected from 3.5.8" } ] } } ] }, "vendor_name": "gnutls" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected." 
} ] }, "impact": { "cvss": [ [ { "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27", "refsource": "MISC", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829" }, { "name": "https://gitlab.com/gnutls/gnutls/issues/694", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/issues/694" }, { "name": "FEDORA-2019-971ded6f90", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/" }, { "name": "FEDORA-2019-e8c1cf958f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/" }, { "name": "FEDORA-2019-46df367eed", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "name": "GLSA-201904-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201904-14" }, { "name": "openSUSE-SU-2019:1353", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "USN-3999-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "https://security.netapp.com/advisory/ntap-20190619-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190619-0004/" }, { "name": "RHSA-2019:3600", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3600" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3829", "datePublished": "2019-03-27T17:24:17", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0294 (GCVE-0-2015-0294)
Vulnerability from cvelistv5
Published
2020-01-27 15:12
Modified
2024-08-06 04:03
Severity ?
CWE
- Cryptography
Summary
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:10.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GnuTLS", "vendor": "GnuTLS", "versions": [ { "status": "affected", "version": "before 3.3.13" } ] } ], "datePublic": "2015-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "Cryptography", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-27T15:12:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GnuTLS", "version": { "version_data": [ { "version_value": "before 3.3.13" } ] } } ] }, "vendor_name": "GnuTLS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS before 3.3.13 does not 
validate that the signature algorithms match when importing a certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cryptography" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" }, { "name": "http://www.debian.org/security/2015/dsa-3191", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3191" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0294", "datePublished": "2020-01-27T15:12:11", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3555 (GCVE-0-2009-3555)
Vulnerability from cvelistv5
Published
2009-11-09 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2010-05-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "1023427", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023427" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "name": "62210", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62210" }, { "name": "37640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37640" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "name": "ADV-2010-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "name": "RHSA-2010:0167", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "name": "ADV-2010-2010", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "ADV-2010-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "name": "ADV-2010-1673", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "name": "[tls] 20091104 TLS renegotiation issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "name": "37656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37656" }, { "name": "RHSA-2010:0865", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "name": "39628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39628" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "42724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42724" }, { "name": "ADV-2009-3310", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "name": "ADV-2009-3205", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "name": "39461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39461" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "name": "1023204", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023204" }, { "name": "40866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40866" }, { "name": "HPSBMU02799", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "TA10-222A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "name": "1023211", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023211" }, { "name": "SSRT090249", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39317" }, { "name": "1023212", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023212" }, { "name": "SUSE-SA:2010:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "name": "39127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39127" }, { "name": "40545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40545" }, { "name": "ADV-2010-3069", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3069" 
}, { "name": "[4.5] 010: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "name": "1023210", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023210" }, { "name": "1023270", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023270" }, { "name": "40070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40070" }, { "name": "1023273", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023273" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "name": "USN-927-5", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "name": "PM12247", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "MDVSA-2010:089", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "name": "RHSA-2010:0770", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "name": "1023275", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023275" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "ADV-2009-3484", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "name": "1023207", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023207" }, { "name": "37859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37859" }, { "name": "SSRT101846", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "name": "1021752", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "name": "FEDORA-2010-6131", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "name": "ADV-2010-0848", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "name": "39819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39819" }, { "name": "IC68055", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.links.org/?p=786" }, { "name": "60521", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60521" }, { "name": "[oss-security] 20091123 Re: CVEs 
for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "VU#120541", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "name": "1023217", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023217" }, { "name": "RHSA-2010:0768", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "name": "ADV-2009-3353", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "name": "FEDORA-2010-5357", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "39136", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "1023148", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023148" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "36935", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36935" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", 
"x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "1023218", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023218" }, { "name": "ADV-2010-1350", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "name": "RHSA-2010:0338", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "42379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42379" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "20091109 Transport Layer Security Renegotiation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "name": "IC67848", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "name": "1023213", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023213" }, { "name": "FEDORA-2010-16240", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "name": "ADV-2010-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "oval:org.mitre.oval:def:11617", "tags": [ 
"vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://extendedsubset.com/?p=8" }, { "name": "37292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37292" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "tls-renegotiation-weak-security(54158)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "name": "APPLE-SA-2010-05-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "39278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39278" }, { "name": "1023205", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023205" }, { "name": "RHSA-2010:0130", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "name": "HPSBUX02482", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "HPSBHF03293", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4004" }, { "name": "1023215", "tags": [ 
"vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023215" }, { "name": "USN-1010-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "name": "1023206", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023206" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "SSRT090180", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "ADV-2009-3313", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "name": "274990", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "name": "1023208", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023208" }, { "name": "43308", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43308" }, { "name": "1023214", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023214" }, { "name": "SUSE-SA:2009:057", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "name": 
"38781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38781" }, { "name": "HPSBOV02762", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "HPSBMA02534", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "DSA-1934", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "oval:org.mitre.oval:def:7478", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "name": "1023271", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023271" }, { "name": "APPLE-SA-2010-01-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "name": "[cryptography] 20091105 OpenSSL 0.9.8l released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "name": "42467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42467" }, { "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:7315", "tags": [ 
"vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "name": "1023224", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023224" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "USN-927-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "name": "41490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41490" }, { "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "name": "1023243", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023243" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "name": "37504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37504" }, { "name": "1023219", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023219" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "name": "1023163", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": 
"http://www.securitytracker.com/id?1023163" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "ADV-2009-3521", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "name": "oval:org.mitre.oval:def:7973", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "name": "HPSBMA02568", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "name": "oval:org.mitre.oval:def:10088", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "name": "44183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44183" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "name": "42808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42808" }, { "name": "39500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39500" }, { "name": "oval:org.mitre.oval:def:11578", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" 
}, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "name": "ADV-2009-3220", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "name": "SSRT100179", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "RHSA-2010:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "name": "RHSA-2010:0987", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "name": "1023411", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023411" }, { "name": "RHSA-2010:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "RHSA-2010:0986", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "name": "ADV-2009-3164", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3164" }, { "name": "37383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37383" }, { "name": "FEDORA-2009-12229", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "name": "44954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44954" }, { "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "name": "HPSBUX02524", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "name": "40747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40747" }, { "name": "HPSBUX02498", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "39292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39292" }, { "name": "42816", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42816" }, { "name": "IC68054", "tags": [ "vendor-advisory", 
"x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "name": "273029", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "name": "FEDORA-2009-12604", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4170" }, { "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "name": "1023209", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023209" }, { "name": "PM00675", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/48577" }, { "name": "SSA:2009-320-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.links.org/?p=789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "name": "RHSA-2011:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "name": "FEDORA-2009-12305", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX123359" }, { "name": "37501", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37501" }, { "name": "MDVSA-2010:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "name": "HPSBUX02517", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "ADV-2009-3587", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "name": "39632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39632" }, { "name": "SSRT090264", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "38687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "name": "MS10-049", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "name": "ADV-2010-0982", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "SSRT100825", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37399" }, { "name": "USN-927-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "name": "1023272", "tags": [ "vdb-entry", "x_refsource_SECTRACK", 
"x_transferred" ], "url": "http://www.securitytracker.com/id?1023272" }, { "name": "FEDORA-2009-12606", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "name": "ADV-2010-3126", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "name": "37320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37320" }, { "name": "ADV-2009-3165", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "name": "ADV-2010-1639", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "name": "38020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38020" }, { "name": "USN-923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": "39243", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39243" }, { "name": "oval:org.mitre.oval:def:8366", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "name": "37453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37453" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "name": "ADV-2010-0933", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "name": "SSRT100219", "tags": [ 
"vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "41972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41972" }, { "name": "ADV-2010-3086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "1024789", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024789" }, { "name": "RHSA-2010:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "name": "ADV-2011-0033", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "name": "RHSA-2010:0337", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "1023216", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023216" }, { "name": "41480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41480" }, { "name": "ADV-2011-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "name": "41818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/41818" }, { "name": "37604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.opera.com/support/search/view/944/" }, { "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "name": "SUSE-SR:2010:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "TA10-287A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.links.org/?p=780" }, { "name": "RHSA-2010:0119", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "38056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38056" }, { "name": "ADV-2010-0748", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "name": "37675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37675" }, { "name": "oval:org.mitre.oval:def:8535", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "name": "HPSBMA02547", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" 
}, { "name": "SSRT100058", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "name": "RHSA-2010:0786", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "name": "38003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38003" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4171" }, { "name": "1023428", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023428" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "ADV-2009-3354", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "name": "1023274", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023274" }, { "name": "FEDORA-2009-12968", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "name": "39242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39242" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "38241", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38241" }, { "name": "42377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42377" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "name": "SUSE-SR:2010:019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "60972", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60972" }, { "name": "1023426", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023426" }, { "name": "38484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38484" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.betanews.com/article/1257452450" }, { "name": "1021653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "name": "20110211 VMSA-2011-0003 Third party 
component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "[4.6] 004: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "name": "41967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41967" }, { "name": "RHSA-2010:0807", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "name": "ADV-2010-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "name": "20091111 Re: SSL/TLS MiTM PoC", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "name": "39713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39713" }, { "name": "42733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42733" }, { "name": "37291", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37291" }, { "name": "FEDORA-2010-16312", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "name": "FEDORA-2010-5942", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "name": "ADV-2010-2745", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "name": "273350", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "name": "ADV-2010-0994", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "name": "ADV-2010-0173", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "name": "ADV-2010-1054", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "name": "65202", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/65202" }, { "name": "HPSBGN02562", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "name": "FEDORA-2010-16294", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://clicky.me/tlsvuln" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42811" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, 
Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:08:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2010-05-18-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "name": "1023427", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023427" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "name": "62210", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62210" }, { "name": "37640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37640" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "name": "ADV-2010-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "name": "RHSA-2010:0167", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "name": "ADV-2010-2010", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2010/2010" }, { "name": "FEDORA-2009-12750", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "name": "ADV-2010-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "name": "ADV-2010-1673", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "name": "[tls] 20091104 TLS renegotiation issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "name": "37656", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37656" }, { "name": "RHSA-2010:0865", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "name": "39628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39628" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "42724", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42724" }, { "name": "ADV-2009-3310", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "name": "ADV-2009-3205", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "name": "39461", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39461" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "name": "GLSA-201406-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "name": "1023204", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023204" }, { "name": "40866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40866" }, { "name": "HPSBMU02799", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "name": "TA10-222A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "name": "1023211", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023211" }, { "name": "SSRT090249", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39317" }, { "name": "1023212", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023212" }, { "name": "SUSE-SA:2010:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "name": "39127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39127" }, { "name": "40545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40545" }, { "name": "ADV-2010-3069", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "name": "[4.5] 010: SECURITY FIX: November 26, 2009", "tags": [ 
"vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "name": "1023210", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023210" }, { "name": "1023270", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023270" }, { "name": "40070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40070" }, { "name": "1023273", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023273" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "name": "USN-927-5", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "name": "PM12247", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "MDVSA-2010:089", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "name": "RHSA-2010:0770", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "name": "1023275", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023275" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "ADV-2009-3484", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "name": "1023207", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], 
"url": "http://www.securitytracker.com/id?1023207" }, { "name": "37859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37859" }, { "name": "SSRT101846", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "name": "1021752", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "name": "FEDORA-2010-6131", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "name": "ADV-2010-0848", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "name": "39819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39819" }, { "name": "IC68055", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.links.org/?p=786" }, { "name": "60521", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60521" }, { "name": "[oss-security] 20091123 Re: CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "name": "VU#120541", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "name": "1023217", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023217" }, { "name": "RHSA-2010:0768", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "name": "ADV-2009-3353", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "name": "FEDORA-2010-5357", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "name": "39136", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "1023148", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023148" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "36935", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36935" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "ADV-2010-1107", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1107" }, { "name": "1023218", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023218" }, { "name": "ADV-2010-1350", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "name": "RHSA-2010:0338", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "name": "42379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/42379" }, { "name": "FEDORA-2009-12775", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "name": "20091109 Transport Layer Security Renegotiation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "name": "IC67848", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "name": "1023213", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023213" }, { "name": "FEDORA-2010-16240", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "name": "ADV-2010-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "name": "oval:org.mitre.oval:def:11617", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "tags": [ "x_refsource_MISC" ], "url": "http://extendedsubset.com/?p=8" }, { "name": "37292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37292" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "tls-renegotiation-weak-security(54158)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "name": "APPLE-SA-2010-05-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "name": "39278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/39278" }, { "name": "1023205", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023205" }, { "name": "RHSA-2010:0130", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "name": "HPSBUX02482", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "name": "HPSBHF03293", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4004" }, { "name": "1023215", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023215" }, { "name": "USN-1010-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "name": "1023206", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023206" }, { "name": "SUSE-SR:2010:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "SSRT090180", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "ADV-2009-3313", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "name": "274990", "tags": [ "vendor-advisory", 
"x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "name": "1023208", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023208" }, { "name": "43308", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43308" }, { "name": "1023214", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023214" }, { "name": "SUSE-SA:2009:057", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "name": "38781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38781" }, { "name": "HPSBOV02762", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "HPSBMA02534", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2" }, { "name": "DSA-1934", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "name": "FEDORA-2009-12782", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "name": "oval:org.mitre.oval:def:7478", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "name": "1023271", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023271" }, { "name": "APPLE-SA-2010-01-19-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "name": "[cryptography] 20091105 OpenSSL 0.9.8l released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2" }, { "name": "42467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42467" }, { "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:7315", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "name": "1023224", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023224" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "USN-927-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "name": "41490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41490" }, { "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "name": "1023243", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023243" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "name": "37504", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37504" }, { "name": "1023219", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023219" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "name": "1023163", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023163" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "ADV-2009-3521", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3521" }, { "name": "oval:org.mitre.oval:def:7973", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "name": "HPSBMA02568", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "name": "oval:org.mitre.oval:def:10088", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "name": "44183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44183" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "name": "42808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42808" }, { "name": "39500", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39500" }, { "name": "oval:org.mitre.oval:def:11578", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "name": "ADV-2009-3220", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "name": "SSRT100179", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100089", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "name": "RHSA-2010:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "name": "RHSA-2010:0987", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "name": "1023411", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023411" }, { "name": "RHSA-2010:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "name": "RHSA-2010:0986", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "name": "ADV-2009-3164", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2009/3164" }, { "name": "37383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37383" }, { "name": "FEDORA-2009-12229", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "name": "44954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44954" }, { "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "name": "HPSBUX02524", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "name": "40747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40747" }, { "name": "HPSBUX02498", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "39292", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39292" }, { "name": "42816", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42816" }, { "name": "IC68054", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "name": "273029", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "name": "FEDORA-2009-12604", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "tags": [ "x_refsource_MISC" ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4170" }, { "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "name": "1023209", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023209" }, { "name": "PM00675", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "48577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48577" }, { "name": "SSA:2009-320-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.links.org/?p=789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "name": "RHSA-2011:0880", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "name": "FEDORA-2009-12305", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "name": "SUSE-SR:2010:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX123359" }, { "name": "37501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37501" }, { "name": "MDVSA-2010:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "name": "HPSBUX02517", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "name": "ADV-2009-3587", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "name": "39632", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39632" }, { "name": "SSRT090264", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2" }, { "name": 
"38687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38687" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "name": "MS10-049", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "name": "ADV-2010-0982", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "name": "SSRT100825", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37399" }, { "name": "USN-927-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "name": "1023272", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023272" }, { "name": "FEDORA-2009-12606", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "name": "ADV-2010-3126", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "name": "37320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37320" }, { "name": "ADV-2009-3165", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "name": "ADV-2010-1639", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "name": "38020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38020" }, { "name": "USN-923-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "name": 
"39243", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39243" }, { "name": "oval:org.mitre.oval:def:8366", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "name": "37453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37453" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "name": "ADV-2010-0933", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "name": "SSRT100219", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "41972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41972" }, { "name": "ADV-2010-3086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "1024789", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024789" }, { "name": "RHSA-2010:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "name": "ADV-2011-0033", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "name": "RHSA-2010:0337", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "name": "1023216", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023216" }, { "name": "41480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41480" }, { "name": "ADV-2011-0086", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "name": "41818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41818" }, { "name": "37604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.opera.com/support/search/view/944/" }, { "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2" }, { "name": "SUSE-SR:2010:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "TA10-287A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.links.org/?p=780" }, { "name": "RHSA-2010:0119", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "38056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38056" }, { "name": "ADV-2010-0748", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0748" }, { "name": "37675", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37675" }, { "name": "oval:org.mitre.oval:def:8535", "tags": [ 
"vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "name": "HPSBMA02547", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "name": "SSRT100058", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "name": "RHSA-2010:0786", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "name": "38003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38003" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4171" }, { "name": "1023428", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023428" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "[oss-security] 20091120 CVEs for nginx", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "name": "ADV-2009-3354", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "name": "1023274", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023274" }, { "name": "FEDORA-2009-12968", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "name": "39242", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39242" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50" }, { "name": "38241", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38241" }, { "name": "42377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42377" }, { "name": "GLSA-201203-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "name": "SUSE-SR:2010:019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "60972", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60972" }, { "name": "1023426", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023426" }, { "name": "38484", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38484" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.betanews.com/article/1257452450" }, { "name": "1021653", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], 
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "[4.6] 004: SECURITY FIX: November 26, 2009", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "name": "41967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41967" }, { "name": "RHSA-2010:0807", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "name": "ADV-2010-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "name": "20091111 Re: SSL/TLS MiTM PoC", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "name": "39713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39713" }, { "name": "42733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42733" }, { "name": "37291", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37291" }, { "name": "FEDORA-2010-16312", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "name": "FEDORA-2010-5942", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "name": "ADV-2010-2745", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, 
{ "name": "273350", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "name": "ADV-2010-0994", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "name": "ADV-2010-0173", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "name": "ADV-2010-1054", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "name": "65202", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/65202" }, { "name": "HPSBGN02562", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "name": "FEDORA-2010-16294", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://clicky.me/tlsvuln" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42811" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: 
docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3555", "datePublished": "2009-11-09T17:00:00", "dateReserved": "2009-10-05T00:00:00", "dateUpdated": "2024-08-07T06:31:10.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-7239 (GCVE-0-2006-7239)
Vulnerability from cvelistv5
Published
2010-05-24 19:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:41.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "[gnutls-dev] 20060812 GnuTLS 1.4.2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html" }, { "name": "[gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-05-24T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "[gnutls-dev] 20060812 GnuTLS 1.4.2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html" }, { "name": "[gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-7239", "datePublished": "2010-05-24T19:00:00Z", "dateReserved": "2010-05-24T00:00:00Z", "dateUpdated": "2024-08-07T20:57:41.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2409 (GCVE-0-2009-2409)
Vulnerability from cvelistv5
Published
2009-07-30 19:00
Modified
2024-08-07 05:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:52:14.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36139" }, { "name": "36157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36157" }, { "name": "MDVSA-2009:197", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "name": "MDVSA-2009:216", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "name": "DSA-1888", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2009/dsa-1888" }, { "name": "oval:org.mitre.oval:def:8594", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "36434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36434" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "1022631", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022631" }, { "name": "42467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42467" }, { "name": "[syslog-ng-announce] 20110110 syslog-ng Premium 
Edition 3.0.6a has been released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html" }, { "name": "RHSA-2009:1207", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "name": "36669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36669" }, { "name": "RHSA-2009:1432", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html" }, { "name": "USN-810-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "name": "oval:org.mitre.oval:def:10763", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763" }, { "name": "MDVSA-2009:258", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258" }, { "name": "USN-810-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/810-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "name": "oval:org.mitre.oval:def:7155", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155" }, { "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been 
released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html" }, { "name": "ADV-2010-3126", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "ADV-2009-3184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "name": "oval:org.mitre.oval:def:6631", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631" }, { "name": "APPLE-SA-2009-11-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-2085", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "name": "DSA-1874", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": 
"http://www.debian.org/security/2009/dsa-1874" }, { "name": "36739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36739" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3937" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "36139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36139" }, { "name": "36157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36157" }, { "name": "MDVSA-2009:197", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" }, { "name": "MDVSA-2009:216", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" }, { "name": "DSA-1888", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2009/dsa-1888" }, { "name": "oval:org.mitre.oval:def:8594", "tags": [ 
"vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "36434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36434" }, { "name": "GLSA-200912-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "name": "1022631", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022631" }, { "name": "42467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42467" }, { "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html" }, { "name": "RHSA-2009:1207", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" }, { "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "name": "36669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36669" }, { "name": "RHSA-2009:1432", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html" }, { "name": "USN-810-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-810-1" }, { "name": "oval:org.mitre.oval:def:10763", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763" }, { "name": "MDVSA-2009:258", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258" }, { "name": "USN-810-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/810-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://java.sun.com/javase/6/webnotes/6u17.html" }, { "name": "oval:org.mitre.oval:def:7155", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155" }, { "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html" }, { "name": "ADV-2010-3126", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "ADV-2009-3184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "name": "oval:org.mitre.oval:def:6631", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631" }, { "name": "APPLE-SA-2009-11-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "MDVSA-2010:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-2085", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2085" }, { "name": "DSA-1874", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1874" }, { "name": "36739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36739" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3937" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-2409", "datePublished": "2009-07-30T19:00:00", "dateReserved": "2009-07-09T00:00:00", "dateUpdated": "2024-08-07T05:52:14.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8313 (GCVE-0-2015-8313)
Vulnerability from cvelistv5
Published
2019-12-20 13:10
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GnuTLS incorrectly validates the first byte of padding in CBC modes.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:32.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-8313" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78327" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3408" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/537012/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GnuTLS incorrectly validates the first byte of padding in CBC modes" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-20T13:10:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-8313" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/78327" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://www.debian.org/security/2015/dsa-3408" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/archive/1/537012/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS incorrectly validates the first byte of padding in CBC modes" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2015-8313", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2015-8313" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313" }, { "name": "http://www.securityfocus.com/bid/78327", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/78327" }, { "name": "http://www.debian.org/security/2015/dsa-3408", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3408" }, { "name": "http://www.securityfocus.com/archive/1/537012/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/537012/100/0/threaded" }, { "name": "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html", "refsource": "MISC", "url": 
"https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8313", "datePublished": "2019-12-20T13:10:23", "dateReserved": "2015-11-21T00:00:00", "dateUpdated": "2024-08-06T08:13:32.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2377 (GCVE-0-2008-2377)
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:58:02.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[gnutls-devel] 20080630 GnuTLS 2.4.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2650" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html" }, { "name": "ADV-2008-2398", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2398" }, { "name": "30713", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30713" }, { "name": "gnutls-gnutlshandshake-code-execution(44486)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486" }, { "name": "31505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31505" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary 
code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[gnutls-devel] 20080630 GnuTLS 2.4.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2650" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html" }, { "name": "ADV-2008-2398", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2398" }, { "name": "30713", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30713" }, { "name": "gnutls-gnutlshandshake-code-execution(44486)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486" }, { "name": "31505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31505" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2377", "datePublished": "2008-08-08T19:00:00", "dateReserved": "2008-05-21T00:00:00", "dateUpdated": "2024-08-07T08:58:02.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4128 (GCVE-0-2011-4128)
Vulnerability from cvelistv5
Published
2011-12-08 20:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "name": "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "name": "MDVSA-2012:045", "tags": [ "vendor-advisory", 
"x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "name": "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "name": "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "name": "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "name": "MDVSA-2012:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "name": "[gnutls-devel] 
20111108 Possible buffer overflow on gnutls_session_get_data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "name": "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4128", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1418-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "name": "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "name": "48712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48712" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "FEDORA-2012-4569", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=752308", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48596" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "name": "MDVSA-2012:045", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "name": "[gnutls-devel] 20111108 Possible buffer overflow on 
gnutls_session_get_data", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "name": "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "name": "RHSA-2012:0429", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4128", "datePublished": "2011-12-08T20:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:51.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0390 (GCVE-0-2012-0390)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-06 18:23
CWE
- n/a
Summary
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:31.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf", "refsource": "MISC", "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0390", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2012-01-05T00:00:00", "dateUpdated": "2024-08-06T18:23:31.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1663 (GCVE-0-2012-1663)
Vulnerability from cvelistv5
Published
2012-03-13 22:00
Modified
2024-08-06 19:01
CWE
- n/a
Summary
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "gnutls-libgnutls-certificate-dos(74099)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099" }, { "name": "24865", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/24865" }, { "name": "[gnutls-devel] 20120224 gnutls 3.0.14", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "gnutls-libgnutls-certificate-dos(74099)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099" }, { "name": "24865", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/24865" }, { "name": "[gnutls-devel] 20120224 gnutls 3.0.14", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "gnutls-libgnutls-certificate-dos(74099)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099" }, { "name": "24865", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/24865" }, { "name": "[gnutls-devel] 20120224 gnutls 3.0.14", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1663", "datePublished": "2012-03-13T22:00:00", "dateReserved": "2012-03-13T00:00:00", "dateUpdated": "2024-08-06T19:01:02.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1950 (GCVE-0-2008-1950)
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:41
CWE
- n/a
Summary
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30331" }, { "name": "31939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 
rPSA-2008-0174-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "30324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30330" }, { "name": "1020059", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020059" }, { "name": "ADV-2008-1582", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "name": "VU#659209", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/659209" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "gnutls-gnutlsciphertext2compressed-bo(42533)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533" }, { "name": "FEDORA-2008-4259", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "30287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/30287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "FEDORA-2008-4183", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "oval:org.mitre.oval:def:11393", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393" }, { "name": "MDVSA-2008:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "30331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30331" }, { "name": "31939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "30324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30330" }, { "name": "1020059", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020059" }, { "name": "ADV-2008-1582", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "name": "VU#659209", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": 
"http://www.kb.cert.org/vuls/id/659209" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "gnutls-gnutlsciphertext2compressed-bo(42533)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533" }, { "name": "FEDORA-2008-4259", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "30287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "FEDORA-2008-4183", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "oval:org.mitre.oval:def:11393", "tags": [ "vdb-entry", "signature", 
"x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393" }, { "name": "MDVSA-2008:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-1950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30331", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30331" }, { "name": "31939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "30324", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/30324" }, { "name": "30302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30330" }, { "name": "1020059", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020059" }, { "name": "ADV-2008-1582", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "name": "VU#659209", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/659209" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "gnutls-gnutlsciphertext2compressed-bo(42533)", "refsource": 
"XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533" }, { "name": "FEDORA-2008-4259", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3902" }, { "name": "https://issues.rpath.com/browse/RPL-2552", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "30287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30287" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "name": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html", "refsource": "MISC", "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "FEDORA-2008-4183", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "oval:org.mitre.oval:def:11393", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393" }, { "name": "MDVSA-2008:106", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1950", "datePublished": "2008-05-21T10:00:00", "dateReserved": "2008-04-24T00:00:00", "dateUpdated": "2024-08-07T08:41:00.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4209 (GCVE-0-2021-4209)
Vulnerability from cvelistv5
Published
2022-08-24 15:07
Modified
2024-08-03 17:16
CWE
- CWE-476 - NULL Pointer Dereference
Summary
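A NULL pointer dereference flaw was found in GnuTLS. Because Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. The record's affected-version entry is the free-text string "Fixed in gnutls v3.7.3" rather than a version range, so the fixed release has to be read from that text.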
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4209" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GnuTLS", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in gnutls v3.7.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 - NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-15T17:06:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4209" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-4209", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GnuTLS", "version": { "version_data": [ { "version_value": "Fixed in gnutls v3.7.3" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476 - NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gnutls/gnutls/-/issues/1306", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/issues/1306" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156" }, { "name": "https://access.redhat.com/security/cve/CVE-2021-4209", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-4209" }, { "name": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503" }, { "name": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568" }, { "name": "https://security.netapp.com/advisory/ntap-20220915-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220915-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4209", "datePublished": "2022-08-24T15:07:31", "dateReserved": "2022-01-24T00:00:00", "dateUpdated": "2024-08-03T17:16:04.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8564 (GCVE-0-2014-8564)
Vulnerability from cvelistv5
Published
2014-11-13 15:00
Modified
2024-08-06 13:18
CWE
- n/a
Summary
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing request (CSR), related to generating key IDs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59991", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59991" }, { "name": "RHSA-2014:1846", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1846.html" }, { "name": "USN-2403-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2403-1" }, { "name": "62294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62294" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161443" }, { "name": "62284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62284" }, { "name": "openSUSE-SU-2014:1472", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-24T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "59991", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59991" }, { "name": "RHSA-2014:1846", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1846.html" }, { "name": "USN-2403-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2403-1" }, { "name": "62294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62294" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161443" }, { "name": "62284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62284" }, { "name": "openSUSE-SU-2014:1472", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8564", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59991", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59991" }, { "name": "RHSA-2014:1846", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1846.html" }, { "name": "USN-2403-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2403-1" }, { "name": "62294", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62294" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1161443", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161443" }, { "name": "62284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62284" }, { "name": "openSUSE-SU-2014:1472", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8564", "datePublished": "2014-11-13T15:00:00", "dateReserved": "2014-10-30T00:00:00", "dateUpdated": "2024-08-06T13:18:48.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0731 (GCVE-0-2010-0731)
Vulnerability from cvelistv5
Published
2010-03-26 18:00
Modified
2024-08-07 00:59
CWE
- n/a
Summary
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:39.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0167", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "name": "39127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39127" }, { "name": "MDVSA-2010:089", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "name": "38959", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38959" }, { "name": "ADV-2010-0713", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0713" }, { "name": "oval:org.mitre.oval:def:9759", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573028" }, { "name": "SUSE-SR:2010:014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { "name": "ADV-2010-1054", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1054" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-25T00:00:00", "descriptions": [ { "lang": "en", 
"value": "The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2010:0167", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "name": "39127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39127" }, { "name": "MDVSA-2010:089", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "name": "38959", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38959" }, { "name": "ADV-2010-0713", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0713" }, { "name": "oval:org.mitre.oval:def:9759", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573028" }, { "name": "SUSE-SR:2010:014", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { "name": "ADV-2010-1054", "tags": [ 
"vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1054" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0731", "datePublished": "2010-03-26T18:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2024-08-07T00:59:39.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1416 (GCVE-0-2009-1416)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
CWE
- n/a
Summary
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[help-gnutls] 20090420 Encryption using DSA keys", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" }, { "name": "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" }, { "name": "1022158", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022158" }, { "name": "ADV-2009-1218", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "34842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 
through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-05-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[help-gnutls] 20090420 Encryption using DSA keys", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" }, { "name": "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" }, { "name": "1022158", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022158" }, { "name": "ADV-2009-1218", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "34842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1416", "STATE": "PUBLIC" }, "affects": { "vendor": 
{ "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[help-gnutls] 20090420 Encryption using DSA keys", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" }, { "name": "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" }, { "name": "1022158", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022158" }, { "name": "ADV-2009-1218", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "34842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1416", 
"datePublished": "2009-04-30T20:00:00", "dateReserved": "2009-04-24T00:00:00", "dateUpdated": "2024-08-07T05:13:25.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0092 (GCVE-0-2014-0092)
Vulnerability from cvelistv5
Published
2014-03-06 18:00
Modified
2024-08-06 09:05
CWE
- n/a
Summary
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:38.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57321" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2014:0288", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0288.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://gnutls.org/security.html#GNUTLS-SA-2014-2" }, { "name": "SUSE-SU-2014:0445", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0319", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "name": "RHSA-2014:0247", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "name": "65919", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65919" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "SUSE-SU-2014:0324", "tags": [ "vendor-advisory", "x_refsource_SUSE", 
"x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" }, { "name": "57254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57254" }, { "name": "RHSA-2014:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html" }, { "name": "56933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56933" }, { "name": "SUSE-SU-2014:0323", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" }, { "name": "RHSA-2014:0246", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0246.html" }, { "name": "SUSE-SU-2014:0321", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865" }, { "name": "USN-2127-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2127-1" }, { "name": "57204", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57204" }, { "name": "openSUSE-SU-2014:0346", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "name": "57103", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57103" }, { "name": "openSUSE-SU-2014:0328", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" }, { "name": "openSUSE-SU-2014:0325", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" }, { "name": "DSA-2869", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-03T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57321" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2014:0288", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0288.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://gnutls.org/security.html#GNUTLS-SA-2014-2" }, { "name": "SUSE-SU-2014:0445", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0319", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "name": "RHSA-2014:0247", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "name": "65919", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65919" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "SUSE-SU-2014:0324", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" }, { "name": "57254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57254" }, { "name": "RHSA-2014:0339", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html" }, { "name": "56933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56933" }, { "name": "SUSE-SU-2014:0323", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" }, { "name": "RHSA-2014:0246", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0246.html" }, { "name": "SUSE-SU-2014:0321", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865" }, { "name": "USN-2127-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2127-1" }, { 
"name": "57204", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57204" }, { "name": "openSUSE-SU-2014:0346", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "name": "57103", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57103" }, { "name": "openSUSE-SU-2014:0328", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" }, { "name": "openSUSE-SU-2014:0325", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" }, { "name": "DSA-2869", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57321" }, { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2014:0288", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0288.html" }, { "name": "http://gnutls.org/security.html#GNUTLS-SA-2014-2", "refsource": "CONFIRM", "url": "http://gnutls.org/security.html#GNUTLS-SA-2014-2" }, { "name": "SUSE-SU-2014:0445", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "name": "57274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "name": "RHSA-2014:0247", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "name": "65919", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65919" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "SUSE-SU-2014:0324", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" }, { "name": "57254", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57254" }, { "name": "RHSA-2014:0339", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html" }, { "name": "56933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56933" }, { "name": "SUSE-SU-2014:0323", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" }, { "name": "RHSA-2014:0246", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0246.html" }, { "name": "SUSE-SU-2014:0321", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865" }, { "name": "USN-2127-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2127-1" }, { "name": "57204", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57204" }, { "name": "openSUSE-SU-2014:0346", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "name": "57103", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57103" }, { "name": "openSUSE-SU-2014:0328", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" }, { "name": "openSUSE-SU-2014:0325", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" }, { "name": "DSA-2869", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2869" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0092", "datePublished": "2014-03-06T18:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4466 (GCVE-0-2013-4466)
Vulnerability from cvelistv5
Published
2013-11-19 19:00
Modified
2024-09-16 20:21
CWE
- n/a
Summary
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/25/2" }, { "name": "[gnutls-devel] 20131023 gnutls 3.2.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" }, { "name": "[gnutls-devel] 20131023 gnutls 3.1.15", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-19T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/25/2" }, { "name": "[gnutls-devel] 20131023 gnutls 3.2.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" }, { "name": "[gnutls-devel] 20131023 gnutls 3.1.15", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/25/2" }, { "name": "[gnutls-devel] 20131023 gnutls 3.2.5", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050" }, { "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3" }, { "name": "[gnutls-devel] 20131023 gnutls 3.1.15", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4466", "datePublished": "2013-11-19T19:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-09-16T20:21:16.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-0553 (GCVE-0-2024-0553)
Vulnerability from cvelistv5
Published
2024-01-16 11:40
Modified
2025-06-17 21:19
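Severity
7.5 (HIGH), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, as scored in the redhat CNA container of the record below; the same container carries a Red Hat severity rating of "Moderate".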
CWE
- CWE-203 - Observable Discrepancy
Summary
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
References
Impacted products
Vendor | Product | Version
---|---|---
(not given) | gnutls (package name) | Version: 3.8.0 ≤ version < 3.8.3 (semver)

The Red Hat product entries and their fixed package versions are listed under "affected" in the record below.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3" }, { "name": "RHSA-2024:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "name": "RHSA-2024:0627", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0627" }, { "name": "RHSA-2024:0796", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0796" }, { "name": "RHSA-2024:1082", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "name": "RHSA-2024:1108", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1108" }, { "name": "RHSA-2024:1383", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0553" }, { "name": "RHBZ#2258412", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html" }, { "tags": [ "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/" }, { "tags": [ "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240202-0011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-0553", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-16T15:03:37.625694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T21:19:15.472Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gnutls.org/download.html", "defaultStatus": "unaffected", "packageName": "gnutls", "versions": [ { "lessThan": "3.8.3", "status": "affected", "version": "3.8.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": 
[ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-5.el8_6.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-7.el8_8.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], 
"defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/cephcsi-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-37", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-core-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-68", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-39", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", 
"versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-58", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-13", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-metrics-exporter-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-81", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-79", "versionType": "rpm" } ] }, { "collectionURL": 
"https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cli-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-57", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cosi-sidecar-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": 
"affected", "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-54", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-must-gather-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-26", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red 
Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-cluster-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-hub-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-21", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/rook-ceph-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-103", "versionType": "rpm" } ] }, { 
"collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", 
"packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": 
"v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": 
"affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2024-01-16T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:10:16.608Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "name": "RHSA-2024:0627", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0627" }, { "name": "RHSA-2024:0796", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0796" }, { "name": "RHSA-2024:1082", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1082" }, { "name": "RHSA-2024:1108", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1108" }, { "name": "RHSA-2024:1383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0553" }, { "name": "RHBZ#2258412", "tags": [ 
"issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412" }, { "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522" }, { "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html" } ], "timeline": [ { "lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: incomplete fix for cve-2023-5981", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-1300-\u003eCWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0553", "datePublished": "2024-01-16T11:40:50.677Z", "dateReserved": "2024-01-15T04:35:34.146Z", "dateUpdated": "2025-06-17T21:19:15.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1573 (GCVE-0-2012-1573)
Vulnerability from cvelistv5
Published
2012-03-26 19:00
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:01.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "[gnutls-devel] 20120302 gnutls 3.0.15", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" }, { "name": "48511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48511" }, { "name": "80259", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/80259" }, { "name": "52667", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52667" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48488" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "1026828", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026828" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "FEDORA-2012-4578", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "name": "[gnutls-devel] 20120302 gnutls 2.12.16", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "name": "DSA-2441", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": 
"http://www.debian.org/security/2012/dsa-2441" }, { "name": "MDVSA-2012:040", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "[gnutls-devel] 20120302 gnutls 3.0.15", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" }, { "name": "48511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48511" }, { "name": "80259", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/80259" }, { "name": "52667", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52667" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48488" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { 
"name": "1026828", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026828" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "FEDORA-2012-4578", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "name": "[gnutls-devel] 20120302 gnutls 2.12.16", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "name": "DSA-2441", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2441" }, { "name": "MDVSA-2012:040", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1418-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "[gnutls-devel] 20120302 gnutls 3.0.15", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=805432", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" }, { "name": "48511", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48511" }, { "name": "80259", "refsource": "OSVDB", "url": "http://osvdb.org/80259" }, { "name": "52667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52667" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48488" }, { "name": "48712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48712" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "1026828", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026828" }, { "name": "FEDORA-2012-4569", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "FEDORA-2012-4578", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "48596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48596" }, { "name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", "refsource": "MISC", "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "name": "[gnutls-devel] 20120302 gnutls 2.12.16", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "name": "DSA-2441", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2441" }, { "name": "MDVSA-2012:040", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "name": "RHSA-2012:0429", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "name": "20120320 Mu Dynamics, Inc. 
Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1573", "datePublished": "2012-03-26T19:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:01.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5337 (GCVE-0-2017-5337)
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "95372", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95372" }, { "name": "RHSA-2017:0574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "95372", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95372" }, { "name": "RHSA-2017:0574", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2017-5337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "openSUSE-SU-2017:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "95372", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95372" }, { "name": "RHSA-2017:0574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-04" }, { "name": "https://gnutls.org/security.html#GNUTLS-SA-2017-2", "refsource": "CONFIRM", "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-5337", "datePublished": "2017-03-24T15:00:00", "dateReserved": "2017-01-10T00:00:00", "dateUpdated": "2024-08-05T14:55:35.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-7507 (GCVE-0-2017-7507)
Vulnerability from cvelistv5
Published
2017-06-16 19:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NULL pointer dereference
Summary
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:11.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99102", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99102" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4" }, { "name": "DSA-3884", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3884" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "GnuTLS", "versions": [ { "status": "affected", "version": "3.5.12" } ] } ], "datePublic": "2017-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application." 
} ], "problemTypes": [ { "descriptions": [ { "description": "NULL pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "99102", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99102" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4" }, { "name": "DSA-3884", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3884" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7507", "datePublished": "2017-06-16T19:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-08-05T16:04:11.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-5981 (GCVE-0-2023-5981)
Vulnerability from cvelistv5
Published
2023-11-28 11:49
Modified
2024-11-23 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-203 - Observable Discrepancy
Summary
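A vulnerability was found in GnuTLS: the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. CVE-2024-0553 was later designated as an incomplete resolution of this issue, so an update that addresses only CVE-2023-5981 should not be treated as closing the timing side channel.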
References
Impacted products
Vendor | Product | Version
---|---|---
Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 0:3.6.16-8.el8_9 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:25.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3" }, { "name": "RHSA-2024:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0155" }, { "name": "RHSA-2024:0319", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0319" }, { "name": "RHSA-2024:0399", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0399" }, { "name": "RHSA-2024:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0451" }, { "name": "RHSA-2024:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "name": "RHSA-2024:1383", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5981" }, { "name": "RHBZ#2248445", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445" }, { "tags": [ "x_transferred" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" }, { "tags": [ "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-8.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-5.el8_6.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.6.16-7.el8_8.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ 
"cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-23.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.7.6-21.el9_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/cephcsi-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-37", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-core-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-68", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ 
"cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/mcg-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-39", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-58", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-client-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-13", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": 
"odf4/ocs-metrics-exporter-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-81", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/ocs-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-79", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cli-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-57", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-cosi-sidecar-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", 
"version": "v4.15.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-console-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-54", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": 
"https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-multicluster-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-must-gather-rhel9", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-26", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odf-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-cluster-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], 
"defaultStatus": "affected", "packageName": "odf4/odr-hub-operator-bundle", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-158", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/odr-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-21", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4.15::el9" ], "defaultStatus": "affected", "packageName": "odf4/rook-ceph-rhel9-operator", "product": "RHODF-4.15-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v4.15.0-103", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { 
"lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ 
"cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", 
"versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Daiki Ueno (Red Hat)." 
} ], "datePublic": "2023-11-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:09:08.520Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0155" }, { "name": "RHSA-2024:0319", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0319" }, { "name": "RHSA-2024:0399", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0399" }, { "name": "RHSA-2024:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0451" }, { "name": "RHSA-2024:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0533" }, { "name": "RHSA-2024:1383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "name": 
"RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5981" }, { "name": "RHBZ#2248445", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445" }, { "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23" } ], "timeline": [ { "lang": "en", "time": "2023-11-07T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-15T00:00:00+00:00", "value": "Made public." } ], "title": "Gnutls: timing side-channel in the rsa-psk authentication", "workarounds": [ { "lang": "en", "value": "To address the issue found upgrade to GnuTLS 3.8.2 or later versions." } ], "x_redhatCweChain": "CWE-1300-\u003eCWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5981", "datePublished": "2023-11-28T11:49:50.138Z", "dateReserved": "2023-11-07T08:05:10.875Z", "dateUpdated": "2024-11-23T00:09:08.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4790 (GCVE-0-2006-4790)
Vulnerability from cvelistv5
Published
2006-09-14 19:00
Modified
2024-08-07 19:23
CWE
- n/a
Summary
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25762", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25762" }, { "name": "22992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22992" }, { "name": "21937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21937" }, { "name": "22049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22049" }, { "name": "1016844", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016844" }, { "name": "ADV-2006-3899", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3899" }, { "name": "20027", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20027" }, { "name": "SUSE-SR:2006:023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "name": "MDKSA-2006:166", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166" }, { "name": "RHSA-2006:0680", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "oval:org.mitre.oval:def:9937", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937" }, { "name": "102970", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1" }, { "name": "ADV-2006-3635", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3635" }, { "name": "21942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21942" }, { "name": "[gnutls-dev] 20060908 Variant of Bleichenbacher\u0027s crypto 06 rump session attack", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html" }, { "name": "22080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22080" }, { "name": "GLSA-200609-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-15.xml" }, { "name": "SUSE-SA:2007:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" }, { "name": "DSA-1182", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1182" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" }, { "name": "gnutls-rsakey-security-bypass(28953)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953" }, { "name": "102648", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" }, { "name": "21973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/21973" }, { "name": "22226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22226" }, { "name": "22084", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22084" }, { "name": "[gnutls-dev] 20060912 Re: Variant of Bleichenbacher\u0027s crypto 06 rump session attack", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html" }, { "name": "USN-348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-348-1" }, { "name": "ADV-2007-2289", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2289" }, { "name": "22097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22097" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-08T00:00:00", "descriptions": [ { "lang": "en", "value": "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "25762", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25762" }, { "name": "22992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22992" }, { "name": "21937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21937" }, { "name": "22049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22049" }, { "name": "1016844", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016844" }, { "name": "ADV-2006-3899", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3899" }, { "name": "20027", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20027" }, { "name": "SUSE-SR:2006:023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" }, { "name": "MDKSA-2006:166", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166" }, { "name": "RHSA-2006:0680", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0680.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "oval:org.mitre.oval:def:9937", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937" }, { "name": "102970", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1" }, { "name": "ADV-2006-3635", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3635" }, { "name": "21942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21942" }, { "name": "[gnutls-dev] 20060908 Variant of Bleichenbacher\u0027s crypto 06 rump session attack", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html" }, { "name": "22080", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22080" }, { "name": "GLSA-200609-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-15.xml" }, { "name": "SUSE-SA:2007:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" }, { "name": "DSA-1182", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1182" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" }, { "name": "gnutls-rsakey-security-bypass(28953)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953" }, { "name": "102648", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" }, { "name": "21973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21973" }, { "name": "22226", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22226" }, { "name": "22084", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22084" }, { "name": "[gnutls-dev] 20060912 Re: Variant of 
Bleichenbacher\u0027s crypto 06 rump session attack", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html" }, { "name": "USN-348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-348-1" }, { "name": "ADV-2007-2289", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2289" }, { "name": "22097", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22097" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4790", "datePublished": "2006-09-14T19:00:00", "dateReserved": "2006-09-13T00:00:00", "dateUpdated": "2024-08-07T19:23:41.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10844 (GCVE-0-2018-10844)
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-08-05 07:46
CWE
Summary
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:46.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://eprint.iacr.org/2018/747" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "name": "RHSA-2018:3505", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "name": "105138", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844" }, { "name": "RHSA-2018:3050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": 
"n/a" } ] } ], "datePublic": "2018-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-385", "description": "CWE-385", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T05:06:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://eprint.iacr.org/2018/747" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "name": "RHSA-2018:3505", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "name": "105138", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844" }, { "name": "RHSA-2018:3050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10844", "datePublished": "2018-08-22T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:46.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2116 (GCVE-0-2013-2116)
Vulnerability from cvelistv5
Published
2013-07-03 18:00
Modified
2024-08-06 15:27
CWE
- n/a
Summary
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:40.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "SUSE-SU-2013:1060", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "MDVSA-2013:171", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171" }, { "name": "RHSA-2013:0883", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0883.html" }, { "name": "DSA-2697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2697" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2" }, { "name": "53911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53911" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d" }, { "name": "USN-1843-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1843-1" }, { "name": "1028603", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028603" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "SUSE-SU-2013:1060", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "MDVSA-2013:171", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171" }, { "name": "RHSA-2013:0883", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0883.html" }, { "name": "DSA-2697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2697" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2" }, { "name": "53911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53911" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d" }, { "name": "USN-1843-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" 
], "url": "http://www.ubuntu.com/usn/USN-1843-1" }, { "name": "1028603", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028603" }, { "tags": [ "x_refsource_MISC" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2116", "datePublished": "2013-07-03T18:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:40.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3468 (GCVE-0-2014-3468)
Vulnerability from cvelistv5
Published
2014-06-05 20:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "60320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61888" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "RHSA-2014:0596", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323" }, { "name": "58591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58614" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { 
"status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "60320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/61888" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "RHSA-2014:0596", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323" }, { "name": "58591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58614" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3468", "STATE": 
"PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "60320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3056" }, { "name": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015302", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html", "refsource": "CONFIRM", "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "refsource": "MANDRIVA", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61888" }, { "name": "http://advisories.mageia.org/MGASA-2014-0247.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "RHSA-2014:0596", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015303", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323" }, { "name": "58591", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58614" }, { "name": "SUSE-SU-2014:0788", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59408" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3468", "datePublished": "2014-06-05T20:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-20231 (GCVE-0-2021-20231)
Vulnerability from cvelistv5
Published
2021-03-12 18:23
Modified
2024-08-03 17:30
CWE
Summary
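A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Note: the CNA record below gives the affected version only as "gnutls 3.7.1" with no range; this may name the release that carries the fix rather than the vulnerable versions, so confirm the affected range against the GnuTLS advisory GNUTLS-SA-2021-03-10 linked in the references before using this field for version matching.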
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922276" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "name": "FEDORA-2021-18bef34f05", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "name": "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "name": "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "n/a", "versions": [ { "status": "affected", "version": "gnutls 3.7.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-30T09:06:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922276" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "name": "FEDORA-2021-18bef34f05", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "name": "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "name": "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gnutls", "version": { "version_data": [ { "version_value": "gnutls 3.7.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in gnutls. 
A use after free issue in client sending key_share extension may lead to memory corruption and other consequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922276" }, { "name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", "refsource": "MISC", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "name": "FEDORA-2021-18bef34f05", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "name": "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20210416-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "name": "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", 
"url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20231", "datePublished": "2021-03-12T18:23:59", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-11501 (GCVE-0-2020-11501)
Vulnerability from cvelistv5
Published
2020-04-03 12:42
Modified
2024-08-04 11:35
CWE
- n/a
Summary
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:35:12.441Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202004-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202004-06" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/960" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" }, { "name": "DSA-4652", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4652" }, { "name": "openSUSE-SU-2020:0501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200416-0002/" }, { "name": "USN-4322-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4322-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { 
"lang": "en", "value": "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 \u0027\\0\u0027 bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-12T22:36:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202004-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202004-06" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/960" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" }, { "name": "DSA-4652", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4652" }, { "name": "openSUSE-SU-2020:0501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200416-0002/" }, { "name": "USN-4322-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4322-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 \u0027\\0\u0027 bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202004-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202004-06" }, { "name": "https://gitlab.com/gnutls/gnutls/-/issues/960", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/issues/960" }, { "name": "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2" }, { "name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31", "refsource": "MISC", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" }, { "name": "DSA-4652", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4652" }, { "name": "openSUSE-SU-2020:0501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html" }, { "name": 
"https://security.netapp.com/advisory/ntap-20200416-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200416-0002/" }, { "name": "USN-4322-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4322-1/" }, { "name": "FEDORA-2020-f90fb78f70", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11501", "datePublished": "2020-04-03T12:42:28", "dateReserved": "2020-04-03T00:00:00", "dateUpdated": "2024-08-04T11:35:12.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-3308 (GCVE-0-2015-3308)
Vulnerability from cvelistv5
Published
2015-09-02 14:00
Modified
2024-08-06 05:39
CWE
- n/a
Summary
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:39:32.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-5131", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html" }, { "name": "[oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/04/16/6" }, { "name": "USN-2727-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2727-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4" }, { "name": "74188", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74188" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9" }, { "name": "[oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/04/15/6" }, { "name": "GLSA-201506-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201506-03" }, { "name": "1033774", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033774" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2015-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2015-5131", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html" }, { "name": "[oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/04/16/6" }, { "name": "USN-2727-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2727-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4" }, { "name": "74188", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74188" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9" }, { "name": "[oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/04/15/6" }, { "name": "GLSA-201506-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201506-03" }, { "name": "1033774", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033774" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2015-5131", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html" }, { "name": "[oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/04/16/6" }, { "name": "USN-2727-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2727-1" }, { "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4" }, { "name": "74188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74188" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9" }, { "name": "[oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/04/15/6" }, { "name": "GLSA-201506-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201506-03" }, { "name": "1033774", 
"refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033774" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3308", "datePublished": "2015-09-02T14:00:00", "dateReserved": "2015-04-16T00:00:00", "dateUpdated": "2024-08-06T05:39:32.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5335 (GCVE-0-2017-5335)
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
CWE
- n/a
Summary
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "RHSA-2017:0574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a" }, { "name": "95374", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/95374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "RHSA-2017:0574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "tags": [ 
"vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a" }, { "name": "95374", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95374" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2017-5335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337" }, { "name": "openSUSE-SU-2017:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "RHSA-2017:0574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-04" }, { "name": "https://gnutls.org/security.html#GNUTLS-SA-2017-2", "refsource": "CONFIRM", "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a" }, { "name": "95374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95374" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-5335", "datePublished": "2017-03-24T15:00:00", "dateReserved": 
"2017-01-10T00:00:00", "dateUpdated": "2024-08-05T14:55:35.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-7869 (GCVE-0-2017-7869)
Vulnerability from cvelistv5
Published
2017-04-14 04:30
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.gnutls.org/security.html" }, { "name": "97040", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97040" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor\u0027s GNUTLS-SA-2017-3 report) is fixed in 3.5.10." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.gnutls.org/security.html" }, { "name": "97040", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97040" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor\u0027s GNUTLS-SA-2017-3 report) is fixed in 3.5.10." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" }, { "name": "RHSA-2017:2292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "https://www.gnutls.org/security.html", "refsource": "CONFIRM", "url": "https://www.gnutls.org/security.html" }, { "name": "97040", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97040" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7869", "datePublished": "2017-04-14T04:30:00", "dateReserved": "2017-04-14T00:00:00", "dateUpdated": "2024-08-05T16:19:29.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1569 (GCVE-0-2012-1569)
Vulnerability from cvelistv5
Published
2012-03-26 19:00
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0427", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "name": "48578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48578" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "49002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49002" }, { "name": "FEDORA-2012-4357", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48488" }, { "name": "USN-1436-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "name": "FEDORA-2012-4342", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "name": "FEDORA-2012-4451", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "FEDORA-2012-4308", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "[gnutls-devel] 20120316 gnutls 3.0.16", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "name": "1026829", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48596" }, { "name": "50739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50739" }, { "name": "48397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48397" }, { "name": "48505", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48505" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "name": "[help-libtasn1] 20120319 minimal fix to security issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "name": "DSA-2440", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2440" }, { "name": "MDVSA-2012:039", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "name": "FEDORA-2012-4409", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "name": "20120320 Mu Dynamics, Inc. 
Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "name": "FEDORA-2012-4417", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0427", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "name": "48578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48578" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "49002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49002" }, { "name": "FEDORA-2012-4357", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48488" }, { "name": "USN-1436-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "name": "FEDORA-2012-4342", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "name": "FEDORA-2012-4451", 
"tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "FEDORA-2012-4308", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "[gnutls-devel] 20120316 gnutls 3.0.16", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "name": "1026829", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48596" }, { "name": "50739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50739" }, { "name": "48397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48397" }, { "name": "48505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48505" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "name": "[help-libtasn1] 20120319 minimal fix to security issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "name": "DSA-2440", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2440" }, { "name": "MDVSA-2012:039", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "name": "FEDORA-2012-4409", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "name": "FEDORA-2012-4417", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, 
which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0427", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "name": "48578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48578" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "49002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49002" }, { "name": "FEDORA-2012-4357", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48488" }, { "name": "USN-1436-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "name": "FEDORA-2012-4342", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "name": "FEDORA-2012-4451", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=804920", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "FEDORA-2012-4308", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "[gnutls-devel] 20120316 gnutls 3.0.16", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "name": "1026829", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026829" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "48596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48596" }, { "name": "50739", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50739" }, { "name": "48397", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48397" }, { "name": "48505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48505" }, { "name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", "refsource": "MISC", "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "name": "[help-libtasn1] 20120319 minimal fix to security issue", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { 
"name": "DSA-2440", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2440" }, { "name": "MDVSA-2012:039", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "name": "FEDORA-2012-4409", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "name": "FEDORA-2012-4417", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1569", "datePublished": "2012-03-26T19:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-7444 (GCVE-0-2016-7444)
Vulnerability from cvelistv5
Published
2016-09-27 15:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92893", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92893" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "[gnutls-devel] 20160902 OCSP certificate check", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.gnutls.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "92893", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92893" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "[gnutls-devel] 20160902 OCSP certificate check", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.gnutls.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-7444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92893", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92893" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9" }, { "name": "RHSA-2017:2292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "openSUSE-SU-2017:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "[gnutls-devel] 20160902 OCSP certificate check", "refsource": "MLIST", "url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html" }, { "name": "https://www.gnutls.org/security.html", "refsource": "CONFIRM", "url": "https://www.gnutls.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-7444", "datePublished": "2016-09-27T15:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2509 (GCVE-0-2022-2509)
Vulnerability from cvelistv5
Published
2022-08-01 14:01
Modified
2024-08-03 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Double Free
Summary
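A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. Note that the record's only version entry reads "gnutls 3.7.7(Fixed)" with status "affected", which appears to name the fixed release rather than an affected range, so it should not be used as-is for version matching.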
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:39:07.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-2509" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html" }, { "name": "DSA-5203", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5203" }, { "name": "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html" }, { "name": "FEDORA-2022-5470992bfc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GnuTLS", "vendor": "n/a", "versions": [ { "status": "affected", "version": "gnutls 3.7.7(Fixed)" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Double Free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T04:06:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-2509" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html" }, { "name": "DSA-5203", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5203" }, { "name": "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html" }, { "name": "FEDORA-2022-5470992bfc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-2509", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GnuTLS", "version": { "version_data": [ { "version_value": "gnutls 3.7.7(Fixed)" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Double Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/security/cve/CVE-2022-2509", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-2509" }, { "name": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html" }, { "name": "DSA-5203", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5203" }, { "name": "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html" }, { "name": "FEDORA-2022-5470992bfc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2509", "datePublished": "2022-08-01T14:01:10", "dateReserved": "2022-07-22T00:00:00", "dateUpdated": "2024-08-03T00:39:07.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-24659 (GCVE-0-2020-24659)
Vulnerability from cvelistv5
Published
2020-09-04 14:03
Modified
2024-08-04 15:19
CWE
- n/a
Summary
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:08.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1071" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" }, { "name": "GLSA-202009-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202009-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200911-0006/" }, { "name": "FEDORA-2020-0ab6656303", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/" }, { "name": "USN-4491-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4491-1/" }, { "name": "FEDORA-2020-de51ee7cc9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/" }, { "name": "openSUSE-SU-2020:1724", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html" }, { "name": "openSUSE-SU-2020:1743", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GnuTLS before 3.6.15. 
A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application\u0027s error handling path, where the gnutls_deinit function is called after detecting a handshake failure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-26T15:07:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1071" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" }, { "name": "GLSA-202009-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202009-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200911-0006/" }, { "name": "FEDORA-2020-0ab6656303", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/" }, { "name": "USN-4491-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4491-1/" }, { "name": "FEDORA-2020-de51ee7cc9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/" }, { "name": "openSUSE-SU-2020:1724", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html" }, { "name": "openSUSE-SU-2020:1743", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24659", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application\u0027s error handling path, where the gnutls_deinit function is called after detecting a handshake failure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gnutls/gnutls/-/issues/1071", "refsource": "MISC", "url": "https://gitlab.com/gnutls/gnutls/-/issues/1071" }, { "name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04", "refsource": "MISC", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" }, { "name": "GLSA-202009-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202009-01" }, { "name": "https://security.netapp.com/advisory/ntap-20200911-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200911-0006/" }, { "name": "FEDORA-2020-0ab6656303", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/" }, { "name": "USN-4491-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4491-1/" }, { "name": "FEDORA-2020-de51ee7cc9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/" }, { "name": 
"openSUSE-SU-2020:1724", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html" }, { "name": "openSUSE-SU-2020:1743", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24659", "datePublished": "2020-09-04T14:03:36", "dateReserved": "2020-08-26T00:00:00", "dateUpdated": "2024-08-04T15:19:08.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3469 (GCVE-0-2014-3469)
Vulnerability from cvelistv5
Published
2014-06-05 20:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "60320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61888" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" }, { "name": "RHSA-2014:0596", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58614" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer 
dereference and crash) via a NULL value in an ivalue argument." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "60320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61888" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" }, { "name": "RHSA-2014:0596", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 
20140525 GNU Libtasn1 3.6 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58614" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3469", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an 
ivalue argument." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "60320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3056" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015302", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61888" }, { "name": "http://advisories.mageia.org/MGASA-2014-0247.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329" }, { "name": "RHSA-2014:0596", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015303", "refsource": "CONFIRM", "url": 
"http://www.novell.com/support/kb/doc.php?id=7015303" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58591", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58614" }, { "name": "SUSE-SU-2014:0788", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59408" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3469", "datePublished": "2014-06-05T20:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1619 (GCVE-0-2013-1619)
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 15:04
CWE
- n/a
Summary
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:04:49.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57274" }, { "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/02/05/24" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" }, { "name": "USN-1752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1752-1" }, { "name": "openSUSE-SU-2013:0807", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" }, { "name": "openSUSE-SU-2014:0346", "tags": [ "vendor-advisory", 
"x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "name": "RHSA-2013:0588", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57274" }, { "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/02/05/24" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" }, { "name": "USN-1752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1752-1" }, { "name": "openSUSE-SU-2013:0807", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" }, { "name": "openSUSE-SU-2014:0346", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "name": 
"RHSA-2013:0588", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1619", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0", "refsource": "CONFIRM", "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" }, { "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" }, { "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "refsource": "MISC", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" }, { "name": "57274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57274" }, { "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/02/05/24" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html", "refsource": "CONFIRM", "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" }, { "name": "USN-1752-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1752-1" }, { "name": "openSUSE-SU-2013:0807", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" }, { "name": "openSUSE-SU-2014:0346", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" }, { "name": "RHSA-2013:0588", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html" }, { 
"name": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198", "refsource": "CONFIRM", "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1619", "datePublished": "2013-02-08T19:00:00", "dateReserved": "2013-02-05T00:00:00", "dateUpdated": "2024-08-06T15:04:49.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-13777 (GCVE-0-2020-13777)
Vulnerability from cvelistv5
Published
2020-06-04 07:01
Modified
2024-08-04 12:25
CWE
- n/a
Summary
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:25:16.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "name": "DSA-4697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4697" }, { "name": "FEDORA-2020-0cce3578e2", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/" }, { "name": "GLSA-202006-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-01" }, { "name": "USN-4384-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4384-1/" }, { "name": "openSUSE-SU-2020:0790", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html" }, { "name": "FEDORA-2020-76b705bb63", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/" }, { "name": "FEDORA-2020-ea11cb5ccc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/" }, { "name": "FEDORA-2020-4f78f122a3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://security.netapp.com/advisory/ntap-20200619-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-19T10:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "name": "DSA-4697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4697" }, { "name": "FEDORA-2020-0cce3578e2", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/" }, { "name": "GLSA-202006-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-01" }, { "name": "USN-4384-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4384-1/" }, { "name": "openSUSE-SU-2020:0790", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html" }, { "name": "FEDORA-2020-76b705bb63", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/" }, { "name": "FEDORA-2020-ea11cb5ccc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/" }, { "name": "FEDORA-2020-4f78f122a3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200619-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03", "refsource": "CONFIRM", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "name": "DSA-4697", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4697" }, { "name": "FEDORA-2020-0cce3578e2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/" }, { "name": "GLSA-202006-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-01" }, { "name": "USN-4384-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4384-1/" }, { "name": "openSUSE-SU-2020:0790", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html" }, { "name": "FEDORA-2020-76b705bb63", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/" }, { "name": "FEDORA-2020-ea11cb5ccc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/" }, { "name": "FEDORA-2020-4f78f122a3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/" }, { "name": "https://security.netapp.com/advisory/ntap-20200619-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200619-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13777", "datePublished": "2020-06-04T07:01:07", "dateReserved": "2020-06-03T00:00:00", "dateUpdated": "2024-08-04T12:25:16.491Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-5138 (GCVE-0-2009-5138)
Vulnerability from cvelistv5
Published
2014-03-06 18:00
Modified
2024-08-07 07:32
CWE
- n/a
Summary
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:22.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57321" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "SUSE-SU-2014:0445", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0319", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "name": "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.security.oss.general/12223" }, { "name": "RHSA-2014:0247", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" }, { "name": "57254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57254" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" }, { "name": "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://thread.gmane.org/gmane.comp.security.oss.general/12127" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-27T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57321" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "SUSE-SU-2014:0445", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "name": "57274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0319", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "name": "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.security.oss.general/12223" }, { "name": "RHSA-2014:0247", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" }, { "name": "57254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57254" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" }, { "name": "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://thread.gmane.org/gmane.comp.security.oss.general/12127" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-5138", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57321" }, { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "SUSE-SU-2014:0445", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" }, { "name": "57274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57274" }, { "name": "SUSE-SU-2014:0319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" }, { "name": "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.security.oss.general/12223" }, { "name": "RHSA-2014:0247", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "SUSE-SU-2014:0322", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" }, { "name": "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint", "refsource": "MLIST", "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" }, { "name": "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd", "refsource": "CONFIRM", "url": "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" }, { "name": "57254", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57254" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" }, { "name": 
"[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "refsource": "MLIST", "url": "http://thread.gmane.org/gmane.comp.security.oss.general/12127" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-5138", "datePublished": "2014-03-06T18:00:00", "dateReserved": "2014-02-26T00:00:00", "dateUpdated": "2024-08-07T07:32:22.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-20232 (GCVE-0-2021-20232)
Vulnerability from cvelistv5
Published
2021-03-12 18:25
Modified
2024-08-03 17:37
CWE
Summary
A flaw was found in gnutls. A use-after-free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:22.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275" }, { "name": "FEDORA-2021-18bef34f05", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "name": "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "name": "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "n/a", "versions": [ { "status": "affected", "version": "gnutls 3.7.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-30T09:06:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275" }, { "name": "FEDORA-2021-18bef34f05", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "name": "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "name": "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20232", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gnutls", "version": { "version_data": [ { "version_value": "gnutls 3.7.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in gnutls. 
A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10", "refsource": "MISC", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922275" }, { "name": "FEDORA-2021-18bef34f05", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/" }, { "name": "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20210416-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210416-0005/" }, { "name": "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", 
"refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E" }, { "name": "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20232", "datePublished": "2021-03-12T18:25:29", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:37:22.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-16868 (GCVE-0-2018-16868)
Vulnerability from cvelistv5
Published
2018-12-03 14:00
Modified
2024-08-05 10:32
CWE
Summary
A Bleichenbacher-type side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106080", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106080" }, { "name": "openSUSE-SU-2019:1353", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "openSUSE-SU-2019:1477", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cat.eyalro.net/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-04T18:00:57", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "106080", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106080" }, { "name": "openSUSE-SU-2019:1353", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "openSUSE-SU-2019:1477", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cat.eyalro.net/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16868", "datePublished": "2018-12-03T14:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5334 (GCVE-0-2017-5334)
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
CWE
- n/a
Summary
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-1" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "95370", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95370" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-09T00:00:00", "descriptions": [ { "lang": "en", 
"value": "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-1" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "95370", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95370" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2017-5334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "https://gnutls.org/security.html#GNUTLS-SA-2017-1", "refsource": "CONFIRM", "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-1" }, { "name": "openSUSE-SU-2017:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "95370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95370" }, { "name": "GLSA-201702-04", "refsource": "GENTOO", "url": 
"https://security.gentoo.org/glsa/201702-04" }, { "name": "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-5334", "datePublished": "2017-03-24T15:00:00", "dateReserved": "2017-01-10T00:00:00", "dateUpdated": "2024-08-05T14:55:35.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1390 (GCVE-0-2009-1390)
Vulnerability from cvelistv5
Published
2009-06-16 20:26
Modified
2024-08-07 05:13
CWE
- n/a
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35288" }, { "name": "FEDORA-2009-6465", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" }, { "name": "mutt-x509-security-bypass(51068)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" }, { "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "35288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35288" }, { "name": "FEDORA-2009-6465", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" }, { "name": "mutt-x509-security-bypass(51068)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" }, { "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1390", "datePublished": "2009-06-16T20:26:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1948 (GCVE-0-2008-1948)
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:41
CWE
- n/a
Summary
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30331" }, { "name": "31939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 
rPSA-2008-0174-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "gnutls-gnutlsservernamerecvparams-bo(42532)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "VU#111034", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/111034" }, { "name": "30324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/30330" }, { "name": "ADV-2008-1582", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "FEDORA-2008-4259", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "1020057", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020057" }, { "name": "30287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30287" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "name": "oval:org.mitre.oval:def:10935", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "FEDORA-2008-4183", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "MDVSA-2008:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "30331", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30331" }, { "name": "31939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "gnutls-gnutlsservernamerecvparams-bo(42532)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "VU#111034", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/111034" }, { "name": "30324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30330" }, { "name": "ADV-2008-1582", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", 
"x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": "FEDORA-2008-4259", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "1020057", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020057" }, { "name": "30287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "name": "oval:org.mitre.oval:def:10935", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "FEDORA-2008-4183", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "MDVSA-2008:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-1948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30331", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30331" }, { "name": "31939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31939" }, { "name": "USN-613-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-613-1" }, { "name": "SUSE-SA:2008:046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html" }, { "name": "RHSA-2008:0492", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0492.html" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/1" }, { "name": "GLSA-200805-20", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-20.xml" }, { "name": "30355", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30355" }, { "name": "30317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30317" }, { "name": "20080520 Vulnerability Advisory on GnuTLS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492282/100/0/threaded" }, { "name": "RHSA-2008:0489", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0489.html" }, { "name": "20080522 rPSA-2008-0174-1 gnutls", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492464/100/0/threaded" }, { "name": "gnutls-gnutlsservernamerecvparams-bo(42532)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558", "refsource": 
"CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=600646\u0026group_id=21558" }, { "name": "VU#111034", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/111034" }, { "name": "30324", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30324" }, { "name": "30302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30302" }, { "name": "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html" }, { "name": "ADV-2008-1583", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1583/references" }, { "name": "29292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29292" }, { "name": "FEDORA-2008-4274", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html" }, { "name": "30330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30330" }, { "name": "ADV-2008-1582", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1582/references" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/3" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174" }, { "name": "30338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30338" }, { "name": "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html" }, { "name": "DSA-1581", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1581" }, { "name": "[oss-security] 20080520 Re: CVE ID request: GNUTLS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/20/2" }, { "name": 
"FEDORA-2008-4259", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html" }, { "name": "3902", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3902" }, { "name": "https://issues.rpath.com/browse/RPL-2552", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2552" }, { "name": "1020057", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020057" }, { "name": "30287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30287" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b" }, { "name": "oval:org.mitre.oval:def:10935", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935" }, { "name": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html", "refsource": "MISC", "url": "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html" }, { "name": "FEDORA-2008-4183", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html" }, { "name": "MDVSA-2008:106", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1948", "datePublished": "2008-05-21T10:00:00", "dateReserved": "2008-04-24T00:00:00", "dateUpdated": "2024-08-07T08:41:00.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10846 (GCVE-0-2018-10846)
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-08-05 07:46
CWE
Summary
A cache-based side channel was found in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime+Probe attack with a Lucky-13 attack to recover plaintext using crafted packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://eprint.iacr.org/2018/747" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "name": "RHSA-2018:3505", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "name": "105138", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846" }, { "name": "RHSA-2018:3050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": 
"n/a" } ] } ], "datePublic": "2018-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-385", "description": "CWE-385", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T05:06:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://eprint.iacr.org/2018/747" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657" }, { "name": "RHSA-2018:3505", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "name": "105138", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846" }, { "name": "RHSA-2018:3050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3050" }, { "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "FEDORA-2020-f90fb78f70", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/" }, { "name": "FEDORA-2020-d14280a6e8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10846", "datePublished": "2018-08-22T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1959 (GCVE-0-2014-1959)
Vulnerability from cvelistv5
Published
2014-03-06 18:00
Modified
2024-08-06 09:58
CWE
- n/a
Summary
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:15.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html" }, { "name": "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q1/344" }, { "name": "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q1/345" }, { "name": "65559", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65559" }, { "name": "USN-2121-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2121-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" }, { "name": "DSA-2866", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2866" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html" }, { "name": "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q1/344" }, { "name": "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q1/345" }, { "name": "65559", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65559" }, { "name": "USN-2121-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2121-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" }, { "name": "DSA-2866", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2866" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.gnutls.org/security.html", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html" }, { "name": "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/344" }, { "name": "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/345" }, { "name": "65559", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65559" }, { "name": "USN-2121-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2121-1" }, { "name": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c", "refsource": "CONFIRM", "url": "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" }, { "name": "DSA-2866", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2866" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1959", "datePublished": "2014-03-06T18:00:00", "dateReserved": "2014-02-13T00:00:00", "dateUpdated": "2024-08-06T09:58:15.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1431 (GCVE-0-2005-1431)
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
CWE
- n/a
Summary
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c (sic; presumably the GnuTLS source file gnutls_cipher.c).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:51:50.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15193" }, { "name": "RHSA-2005:430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-430.html" }, { "name": "16054", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/16054" }, { "name": "13477", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13477" }, { "name": "gnutls-record-parsing-dos(20328)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" }, { "name": "oval:org.mitre.oval:def:9238", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" }, { "name": "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" }, { "name": "1013861", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013861" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "15193", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15193" }, { "name": "RHSA-2005:430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-430.html" }, { "name": "16054", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/16054" }, { "name": "13477", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13477" }, { "name": "gnutls-record-parsing-dos(20328)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" }, { "name": "oval:org.mitre.oval:def:9238", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" }, { "name": "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" }, { "name": "1013861", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013861" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1431", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, 
possibly related to padding bytes in gnutils_cipher.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15193" }, { "name": "RHSA-2005:430", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-430.html" }, { "name": "16054", "refsource": "OSVDB", "url": "http://www.osvdb.org/16054" }, { "name": "13477", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13477" }, { "name": "gnutls-record-parsing-dos(20328)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" }, { "name": "oval:org.mitre.oval:def:9238", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" }, { "name": "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" }, { "name": "1013861", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013861" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1431", "datePublished": "2005-05-03T04:00:00", "dateReserved": "2005-05-03T00:00:00", "dateUpdated": "2024-08-07T21:51:50.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-32989 (GCVE-0-2025-32989)
Vulnerability from cvelistv5
Published
2025-07-10 08:05
Modified
2025-07-25 18:59
CWE
- CWE-295 - Improper Certificate Validation
Summary
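A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. The record lists libgnutls versions before 3.8.10 as affected and states that no mitigation is currently available, which leaves upgrading to 3.8.10 or later as the remediation. Note that the record classifies the issue as CWE-295 (Improper Certificate Validation), while the description is of an out-of-bounds heap read.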
References
Impacted products
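Vendor | Product | Version
---|---|---
(not stated) | libgnutls | affected: 0 ≤ version < 3.8.10 (semver)
Red Hat | Red Hat Enterprise Linux 10 (gnutls) | affected
Red Hat | Red Hat Enterprise Linux 6 (gnutls) | unknown
Red Hat | Red Hat Enterprise Linux 7 (gnutls) | unknown
Red Hat | Red Hat Enterprise Linux 8 (gnutls) | affected
Red Hat | Red Hat Enterprise Linux 9 (gnutls) | affected
Red Hat | Red Hat OpenShift Container Platform 4 (rhcos) | affected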
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-32989", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-10T20:04:51.314429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-10T20:06:49.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.gnutls.org/", "defaultStatus": "unaffected", "packageName": "libgnutls", "versions": [ { "lessThan": "3.8.10", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "gnutls", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": 
"https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2025-07-10T07:54:13.541Z", "descriptions": [ { "lang": "en", "value": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-25T18:59:40.181Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-32989" }, { "name": "RHBZ#2359621", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621" } ], "timeline": [ { "lang": "en", 
"time": "2025-04-15T01:21:36.512000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-07-10T07:54:13.541000+00:00", "value": "Made public." } ], "title": "Gnutls: vulnerability in gnutls sct extension parsing", "workarounds": [ { "lang": "en", "value": "Currently, no mitigation is available for this vulnerability." } ], "x_redhatCweChain": "CWE-295: Improper Certificate Validation" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-32989", "datePublished": "2025-07-10T08:05:26.307Z", "dateReserved": "2025-04-15T01:31:12.104Z", "dateUpdated": "2025-07-25T18:59:40.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3465 (GCVE-0-2014-3465)
Vulnerability from cvelistv5
Published
2014-06-10 14:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[gnutls-help] 20140131 gnutls 3.2.10", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734" }, { "name": "59086", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59086" }, { "name": "RHSA-2014:0684", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "name": "openSUSE-SU-2014:0763", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6" }, { "name": "openSUSE-SU-2014:0767", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "name": "[gnutls-help] 20140131 gnutls 3.1.20", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, 
related to a missing LDAP description for an OID when printing the DN." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[gnutls-help] 20140131 gnutls 3.2.10", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734" }, { "name": "59086", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59086" }, { "name": "RHSA-2014:0684", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "name": "openSUSE-SU-2014:0763", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6" }, { "name": "openSUSE-SU-2014:0767", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "name": "[gnutls-help] 20140131 gnutls 3.1.20", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The 
gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[gnutls-help] 20140131 gnutls 3.2.10", "refsource": "MLIST", "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101734" }, { "name": "59086", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59086" }, { "name": "RHSA-2014:0684", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "name": "openSUSE-SU-2014:0763", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "name": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6", "refsource": "CONFIRM", "url": "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6" }, { "name": "openSUSE-SU-2014:0767", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "name": "[gnutls-help] 20140131 gnutls 3.1.20", "refsource": "MLIST", "url": "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3465", "datePublished": "2014-06-10T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1417 (GCVE-0-2009-1417)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
CWE
- n/a
Summary
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "gnutls-gnutlscli-spoofing(50261)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" }, { "name": "1022159", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022159" }, { "name": "ADV-2009-1218", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" }, { "name": "34842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration 
times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "gnutls-gnutlscli-spoofing(50261)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" }, { "name": "1022159", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022159" }, { "name": "ADV-2009-1218", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" }, { "name": "34842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": 
"CVE-2009-1417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "gnutls-gnutlscli-spoofing(50261)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" }, { "name": "1022159", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022159" }, { "name": "ADV-2009-1218", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1218" }, { "name": "34783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34783" }, { "name": "GLSA-200905-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" }, { "name": "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" }, { "name": "34842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34842" }, { "name": "35211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35211" }, { "name": "MDVSA-2009:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" } ] 
} } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1417", "datePublished": "2009-04-30T20:00:00", "dateReserved": "2009-04-24T00:00:00", "dateUpdated": "2024-08-07T05:13:25.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5336 (GCVE-0-2017-5336)
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
CWE
- n/a
Summary
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" }, { "name": "95377", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95377" }, { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" }, { "name": "RHSA-2017:0574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://gnutls.org/security.html#GNUTLS-SA-2017-2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" }, { "name": "95377", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95377" }, { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "openSUSE-SU-2017:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "tags": [ "x_refsource_MISC" ], 
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" }, { "name": "RHSA-2017:0574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2017-5336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" }, { "name": "95377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95377" }, { "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" }, { "name": "RHSA-2017:2292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2292" }, { "name": "1037576", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037576" }, { "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" }, { "name": "openSUSE-SU-2017:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" }, { "name": "RHSA-2017:0574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" }, { "name": "GLSA-201702-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-04" }, { "name": "https://gnutls.org/security.html#GNUTLS-SA-2017-2", "refsource": "CONFIRM", "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-5336", "datePublished": "2017-03-24T15:00:00", "dateReserved": 
"2017-01-10T00:00:00", "dateUpdated": "2024-08-05T14:55:35.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4487 (GCVE-0-2013-4487)
Vulnerability from cvelistv5
Published
2013-11-19 19:00
Modified
2024-09-16 21:09
CWE
- n/a
Summary
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:1714", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html" }, { "name": "[oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-19T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:1714", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html" }, { "name": "[oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2013:1714", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html" }, { "name": "[oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/31/4" }, { "name": "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc", "refsource": "CONFIRM", "url": "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4487", "datePublished": "2013-11-19T19:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-09-16T21:09:04.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3467 (GCVE-0-2014-3467)
Vulnerability from cvelistv5
Published
2014-06-05 20:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "60320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61888" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "RHSA-2014:0596", "tags": [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58614" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified 
vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "60320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61888" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "RHSA-2014:0596", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58614" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "60320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60320" }, { "name": "DSA-3056", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3056" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015302", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59057" }, { "name": "SUSE-SU-2014:0758", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html", "refsource": "CONFIRM", "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "MDVSA-2015:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" }, { "name": "59021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59021" }, { "name": "61888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61888" }, { "name": "http://advisories.mageia.org/MGASA-2014-0247.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0247.html" }, { "name": "RHSA-2014:0815", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "RHSA-2014:0596", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" }, { "name": "[help-libtasn1] 
20140525 GNU Libtasn1 3.6 released", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015303", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58591", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58591" }, { "name": "RHSA-2014:0687", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" }, { "name": "58614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58614" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" }, { "name": "SUSE-SU-2014:0788", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "RHSA-2014:0594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "60415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60415" }, { "name": "59408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59408" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3467", "datePublished": "2014-06-05T20:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-3836 (GCVE-0-2019-3836)
Vulnerability from cvelistv5
Published
2019-04-01 14:16
Modified
2024-08-04 19:19
CWE
- CWE-456
Summary
An uninitialized pointer access was discovered in gnutls versions 3.6.3 or later, before upstream version 3.6.7, which can be triggered by certain post-handshake messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gnutls/gnutls/issues/704" }, { "name": "FEDORA-2019-46df367eed", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "name": "GLSA-201904-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201904-14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190502-0005/" }, { "name": "openSUSE-SU-2019:1353", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "RHSA-2019:3600", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gnutls", "vendor": "gnutls", "versions": [ { "status": "affected", "version": "fixed in gnutls 3.6.7" } ] } ], "descriptions": [ { "lang": "en", "value": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-456", "description": "CWE-456", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-06T00:08:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gnutls/gnutls/issues/704" }, { "name": "FEDORA-2019-46df367eed", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "name": "GLSA-201904-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201904-14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190502-0005/" }, { "name": "openSUSE-SU-2019:1353", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "USN-3999-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "RHSA-2019:3600", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3836", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gnutls", 
"version": { "version_data": [ { "version_value": "fixed in gnutls 3.6.7" } ] } } ] }, "vendor_name": "gnutls" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages." } ] }, "impact": { "cvss": [ [ { "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-456" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836" }, { "name": "https://gitlab.com/gnutls/gnutls/issues/704", "refsource": "CONFIRM", "url": "https://gitlab.com/gnutls/gnutls/issues/704" }, { "name": "FEDORA-2019-46df367eed", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/" }, { "name": "GLSA-201904-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201904-14" }, { "name": "https://security.netapp.com/advisory/ntap-20190502-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190502-0005/" }, { "name": "openSUSE-SU-2019:1353", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" }, { "name": "USN-3999-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3999-1/" }, { "name": "RHSA-2019:3600", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3600" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3836", "datePublished": 
"2019-04-01T14:16:51", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4456 (GCVE-0-2016-4456)
Vulnerability from cvelistv5
Published
2017-08-08 21:00
Modified
2024-08-06 00:32
CWE
- n/a
Summary
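The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. Note: the oss-security reference listed for this record is titled "GNUTLS-SA-2016-1: File overwrite by setuid programs", which suggests the exposure depends on a setuid program honouring the variable from its environment; confirm the attack vector against that advisory when triaging.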
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343505" }, { "name": "[oss-security] 20160607 Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/07/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-08T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343505" }, { "name": "[oss-security] 20160607 Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/07/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-4456", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The 
\"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343505", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343505" }, { "name": "[oss-security] 20160607 Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/07/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4456", "datePublished": "2017-08-08T21:00:00", "dateReserved": "2016-05-02T00:00:00", "dateUpdated": "2024-08-06T00:32:25.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0282 (GCVE-0-2015-0282)
Vulnerability from cvelistv5
Published
2015-03-24 17:00
Modified
2024-08-06 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:10.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html" }, { "name": "DSA-3191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3191" }, { "name": "73119", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73119" }, { "name": "RHSA-2015:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "name": "1032148", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032148" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html" }, { "name": "DSA-3191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3191" }, { "name": "73119", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73119" }, { "name": "RHSA-2015:1457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "name": "1032148", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032148" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.gnutls.org/security.html", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html" }, { "name": "DSA-3191", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3191" }, { "name": "73119", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73119" }, { "name": "RHSA-2015:1457", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1457.html" }, { "name": "1032148", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032148" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0282", "datePublished": "2015-03-24T17:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3466 (GCVE-0-2014-3466)
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnutls.org/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" }, { "name": "DSA-2944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2944" }, { "name": "58340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58340" }, { "name": "RHSA-2014:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html" }, { "name": "USN-2229-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2229-1" }, { "name": "58642", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58642" }, { "name": "67741", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67741" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59057" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0595.html" }, { "name": "59086", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59086" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE", 
"x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "name": "RHSA-2014:0684", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "name": "openSUSE-SU-2014:0763", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59021" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58598" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" }, { "name": "59838", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59838" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "60384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60384" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "59016", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59016" }, { "name": "openSUSE-SU-2014:0767", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "name": "58601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58601" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59408" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" }, { "name": "1030314", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030314" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnutls.org/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" }, { "name": "DSA-2944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2944" }, { "name": "58340", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58340" }, { "name": "RHSA-2014:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html" }, { "name": "USN-2229-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2229-1" }, { "name": "58642", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58642" }, { "name": "67741", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67741" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59057" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0595.html" }, { "name": "59086", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59086" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "name": "SUSE-SU-2014:0758", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "name": "RHSA-2014:0684", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "name": "openSUSE-SU-2014:0763", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "name": "59021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59021" }, { "name": "RHSA-2014:0815", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58598" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" }, { "name": "59838", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59838" }, { "name": "SUSE-SU-2014:0788", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "60384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60384" }, { "name": "RHSA-2014:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "59016", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59016" }, { "name": "openSUSE-SU-2014:0767", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "name": "58601", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58601" }, { "name": "59408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59408" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" }, { "name": "1030314", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030314" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.gnutls.org/security.html", "refsource": "CONFIRM", "url": "http://www.gnutls.org/security.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678776" }, { "name": "DSA-2944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2944" }, { "name": "58340", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58340" }, { "name": "RHSA-2014:0595", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0595.html" }, { "name": "USN-2229-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2229-1" }, { "name": "58642", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58642" }, { "name": "67741", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67741" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015302", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015302" }, { "name": "59057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59057" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0595.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0595.html" }, { "name": "59086", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59086" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101932" }, { "name": "SUSE-SU-2014:0758", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" }, { "name": "RHSA-2014:0684", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0684.html" }, { "name": "openSUSE-SU-2014:0763", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html" }, { "name": "59021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59021" }, { "name": "RHSA-2014:0815", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" }, { "name": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/", "refsource": "MISC", "url": "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015303", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015303" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" }, { "name": "58598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58598" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155" }, { "name": "59838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59838" }, { "name": "SUSE-SU-2014:0788", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" }, { "name": "60384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60384" }, { "name": "RHSA-2014:0594", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" }, { "name": "59016", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59016" }, { "name": "openSUSE-SU-2014:0767", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html" }, { "name": "58601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58601" }, { "name": "59408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59408" }, { "name": 
"https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd", "refsource": "CONFIRM", "url": "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd" }, { "name": "1030314", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030314" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3466", "datePublished": "2014-06-03T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }