Search CVE reports
51 – 56 of 56 results
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...
10 affected packages
openssl, mbedtls, openssl098, bouncycastle, gnutls26...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | — | — | Not affected |
| mbedtls | — | — | — | Not affected |
| openssl098 | — | — | — | Not in release |
| bouncycastle | — | — | — | Not affected |
| gnutls26 | — | — | — | Not in release |
| gnutls28 | — | — | — | Not affected |
| libgcrypt11 | — | — | — | Not in release |
| nss | — | — | — | Not affected |
| polarssl | — | — | — | Not in release |
| python-crypto | — | — | — | Not affected |
Some fixes available 6 of 7
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an...
2 affected packages
gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |
Some fixes available 5 of 8
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |
Some fixes available 11 of 12
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
3 affected packages
gnutls28, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls28 | — | — | — | — |
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to...
3 affected packages
gnutls13, gnutls26, gnutls28
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnutls13 | — | — | — | — |
| gnutls26 | — | — | — | — |
| gnutls28 | — | — | — | — |