| Max CVSS | 6.8 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3466 | 6.8 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code
|
14-02-2024 - 01:17 | 03-06-2014 - 14:55 | |
| CVE-2020-13777 | 5.8 |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-
|
01-03-2023 - 16:48 | 04-06-2020 - 07:15 | |
| CVE-2020-24659 | 5.0 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app
|
27-02-2023 - 15:30 | 04-09-2020 - 15:15 | |
| CVE-2018-10846 | 1.9 |
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain
|
13-02-2023 - 04:50 | 22-08-2018 - 13:29 | |
| CVE-2020-11501 | 5.8 |
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes
|
21-07-2021 - 11:39 | 03-04-2020 - 13:15 | |
| CVE-2020-24659 | 5.0 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app
|
25-09-2020 - 20:15 | 04-09-2020 - 15:15 | |
| CVE-2019-3836 | 5.0 |
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
|
30-05-2019 - 16:29 | 01-04-2019 - 15:29 | |
| CVE-2015-7575 | 4.3 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it e
|
30-10-2018 - 16:27 | 09-01-2016 - 02:59 | |
| CVE-2014-8564 | 5.0 |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptograp
|
30-10-2018 - 16:27 | 13-11-2014 - 21:32 | |
| CVE-2017-7869 | 5.0 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is
|
05-01-2018 - 02:31 | 14-04-2017 - 04:59 |