Search CVE reports
1 – 10 of 50 results
CVE-2024-28835
Medium priorityA flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-28834
Medium priorityA flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the...
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | Fixed | Fixed | Fixed | Not affected | Not affected |
CVE-2024-0567
Medium priorityA vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows...
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-0553
Medium prioritySome fixes available 6 of 8
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker...
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | Fixed | Fixed | Fixed | Needs evaluation | Ignored |
CVE-2023-5981
Medium prioritySome fixes available 5 of 6
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | — | Fixed | Fixed | Fixed | Ignored |
CVE-2023-0361
Medium prioritySome fixes available 4 of 6
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style...
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | — | Fixed | Fixed | Ignored | Ignored |
CVE-2022-2509
Medium priorityA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | — | Fixed | Fixed | Fixed | Not affected |
CVE-2021-4209
Low prioritySome fixes available 3 of 5
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication...
2 affected packages
gnutls26, gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls26 | Not in release | Not in release | Not in release | Not in release | Not in release |
gnutls28 | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2021-20232
Low prioritySome fixes available 1 of 2
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | — | Not affected | Fixed | Not affected | Not affected |
CVE-2021-20231
Low prioritySome fixes available 1 of 2
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
1 affected package
gnutls28
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnutls28 | — | Not affected | Fixed | Not affected | Not affected |