Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu gnutls 2.3.8 vulnerabilities and exploits
(subscribe to this query)
7.6
CVSSv2
CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 up to and including 2.4.0 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmi...
Gnu Gnutls 2.3.5
Gnu Gnutls 2.3.8
Gnu Gnutls 2.3.9
Gnu Gnutls 2.4.0
Gnu Gnutls 2.3.7
Gnu Gnutls 2.3.6
5
CVSSv2
CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS prior to 2.12.17 and 3.x prior to 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote malicious users to cause a denial of service (heap memory corruption and application crash) via a crafted record, as de...
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.5
Gnu Gnutls 2.10.2
Gnu Gnutls 2.0.0
Gnu Gnutls 2.8.3
Gnu Gnutls 2.3.4
Gnu Gnutls 2.12.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.6.1
Gnu Gnutls 2.2.4
Gnu Gnutls 2.1.0
Gnu Gnutls 2.3.1
Gnu Gnutls 2.12.7
Gnu Gnutls 2.12.5
Gnu Gnutls 2.2.5
Gnu Gnutls 2.1.1
Gnu Gnutls 2.3.8
Gnu Gnutls 2.8.5
Gnu Gnutls 2.1.7
Gnu Gnutls 2.10.4
Gnu Gnutls 2.1.4
Gnu Gnutls 2.6.0
10
CVSSv2
CVE-2008-1948
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote malicious users to ca...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
9.3
CVSSv2
CVE-2008-1949
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote malicious users to cause a denial of servi...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
5
CVSSv2
CVE-2008-1950
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS prior to 2.2.4 allows remote malicious users to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encryp...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
7.5
CVSSv2
CVE-2009-2730
libgnutls in GnuTLS prior to 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrar...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 2.6.1
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.0.17
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
4
CVSSv2
CVE-2013-1619
The TLS implementation in GnuTLS prior to 2.12.23, 3.0.x prior to 3.0.28, and 3.1.x prior to 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to c...
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.5
Gnu Gnutls 2.10.2
Gnu Gnutls 2.0.0
Gnu Gnutls 2.8.3
Gnu Gnutls 2.3.4
Gnu Gnutls 2.12.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.6.1
Gnu Gnutls 2.2.4
Gnu Gnutls 2.12.22
Gnu Gnutls 2.1.0
Gnu Gnutls 2.3.1
Gnu Gnutls 2.12.7
Gnu Gnutls 2.12.5
Gnu Gnutls 2.2.5
Gnu Gnutls 2.1.1
Gnu Gnutls 2.3.8
Gnu Gnutls 2.8.5
Gnu Gnutls 2.12.16
Gnu Gnutls 2.1.7
Gnu Gnutls 2.10.4
5
CVSSv2
CVE-2009-1417
gnutls-cli in GnuTLS prior to 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote malicious users to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 2.6.1
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.0.17
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
7.5
CVSSv2
CVE-2012-1663
Double free vulnerability in libgnutls in GnuTLS prior to 3.0.14 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.10.2
Gnu Gnutls 3.0.12
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 2.8.3
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 3.0.3
Gnu Gnutls 2.12.2
Gnu Gnutls 2.7.4
Gnu Gnutls 3.0.9
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 2.6.1
Gnu Gnutls 1.2.11
Gnu Gnutls 3.0.6
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
1 EDB exploit
5
CVSSv2
CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 prior to 2.12, as used in GnuTLS prior to 3.0.16 and other products, does not properly handle certain large length values, which allows remote malicious users to cause a denial of service (heap memory corruption and a...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.10.2
Gnu Gnutls 3.0.12
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 2.8.3
Gnu Gnutls 1.1.14
Gnu Libtasn1 1.0
Gnu Libtasn1 2.4
Gnu Gnutls 2.3.4
Gnu Libtasn1 0.2.17
Gnu Libtasn1 0.3.9
Gnu Gnutls 1.7.3
Gnu Gnutls 3.0.3
Gnu Gnutls 2.12.2
Gnu Libtasn1 2.6
Gnu Libtasn1 0.3.3
Gnu Gnutls 2.7.4
Gnu Gnutls 3.0.9
Gnu Gnutls 1.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »