Filtered by vendor Gnu
Subscriptions
Filtered by product Gnutls
Subscriptions
Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1416 | 1 Gnu | 1 Gnutls | 2026-04-23 | N/A |
| lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. | ||||
| CVE-2009-1417 | 1 Gnu | 1 Gnutls | 2026-04-23 | N/A |
| gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. | ||||
| CVE-2008-1950 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-23 | N/A |
| Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | ||||
| CVE-2008-1948 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-23 | N/A |
| The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. | ||||
| CVE-2025-32990 | 2 Gnu, Redhat | 10 Gnutls, Ceph Storage, Discovery and 7 more | 2026-04-20 | 6.5 Medium |
| A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | ||||
| CVE-2005-1431 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-16 | N/A |
| The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | ||||
| CVE-2006-4790 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-16 | N/A |
| verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. | ||||
| CVE-2004-2531 | 1 Gnu | 1 Gnutls | 2026-04-16 | N/A |
| X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. | ||||
| CVE-2023-5981 | 4 Debian, Fedoraproject, Gnu and 1 more | 8 Debian Linux, Fedora, Gnutls and 5 more | 2026-03-25 | 5.9 Medium |
| A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. | ||||
| CVE-2024-0553 | 3 Fedoraproject, Gnu, Redhat | 6 Fedora, Gnutls, Enterprise Linux and 3 more | 2026-03-24 | 7.5 High |
| A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. | ||||
| CVE-2022-2509 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Gnutls and 1 more | 2025-12-02 | 7.5 High |
| A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | ||||
| CVE-2024-0567 | 5 Debian, Fedoraproject, Gnu and 2 more | 9 Debian Linux, Fedora, Gnutls and 6 more | 2025-11-20 | 7.5 High |
| A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. | ||||
| CVE-2017-5336 | 3 Gnu, Opensuse, Redhat | 3 Gnutls, Leap, Enterprise Linux | 2025-04-20 | N/A |
| Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | ||||
| CVE-2017-5334 | 3 Gnu, Opensuse, Redhat | 3 Gnutls, Leap, Enterprise Linux | 2025-04-20 | N/A |
| Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | ||||
| CVE-2017-7869 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-20 | N/A |
| GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | ||||
| CVE-2017-7507 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-20 | N/A |
| GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | ||||
| CVE-2016-4456 | 1 Gnu | 1 Gnutls | 2025-04-20 | 7.5 High |
| The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. | ||||
| CVE-2017-5335 | 3 Gnu, Opensuse, Redhat | 3 Gnutls, Leap, Enterprise Linux | 2025-04-20 | N/A |
| The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | ||||
| CVE-2017-5337 | 3 Gnu, Opensuse, Redhat | 3 Gnutls, Leap, Enterprise Linux | 2025-04-20 | N/A |
| Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | ||||
| CVE-2015-6251 | 2 Debian, Gnu | 2 Debian Linux, Gnutls | 2025-04-12 | N/A |
| Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | ||||