Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Netapp Active Iq Unified Manager -
Netapp E-series Performance Analyzer -
9.8
CVSSv3
CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
1 Github repository
9.8
CVSSv3
CVE-2013-7098
OpenConnect VPN client with GnuTLS prior to 5.02 contains a heap overflow if MTU is increased on reconnection.
Infradead Openconnect
9.8
CVSSv3
CVE-2018-21029
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability ...
Systemd Project Systemd
Fedoraproject Fedora 31
9.8
CVSSv3
CVE-2017-5334
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS prior to 3.3.26 and 3.5.x prior to 3.5.8 allows remote malicious users to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information ...
Opensuse Leap 42.1
Opensuse Leap 42.2
Gnu Gnutls 3.5.3
Gnu Gnutls 3.5.4
Gnu Gnutls 3.5.5
Gnu Gnutls 3.5.6
Gnu Gnutls 3.5.1
Gnu Gnutls 3.5.2
Gnu Gnutls
Gnu Gnutls 3.5.7
Gnu Gnutls 3.5.0
8.8
CVSSv3
CVE-2017-6891
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Gnu Libtasn1 4.10
Debian Debian Linux 8.0
Apache Bookkeeper 4.12.1
7.5
CVSSv3
CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or malicious user...
Gnu Gnutls
7.5
CVSSv3
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote malicious user to perform a timing side-channel attack in th...
Gnu Gnutls
Fedoraproject Fedora 39
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
7.5
CVSSv3
CVE-2023-25824
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU ...
Mod Gnutls Project Mod Gnutls
7.5
CVSSv3
CVE-2022-2509
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »