Skip to main content

Gnutls

48 CVEs product

Monthly

CVE-2026-42009 HIGH PATCH This Week

Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.

Denial Of Service Gnutls Hardened Images Openshift Container Platform Enterprise Linux +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42010 CRITICAL PATCH Act Now

Authentication bypass in GnuTLS affects servers that enable the RSA-PSK key exchange, where the PSK identity comparison treats a username containing an embedded NUL byte as equal to a legitimate truncated username. Remote attackers can send a crafted username to circumvent pre-shared-key authentication and gain unauthorized access. There is no public exploit identified at time of analysis, the EPSS probability is low (0.15%), and CISA SSVC scores exploitation as none - indicating high theoretical severity but no observed real-world abuse.

Authentication Bypass Gnutls Hardened Images Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-32990 HIGH PATCH This Week

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Heap Overflow Buffer Overflow Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-32989 MEDIUM PATCH This Month

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Information Disclosure Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32988 HIGH PATCH This Week

Memory corruption and denial of service in GnuTLS arises from a double-free (CWE-415) in the code that exports X.509 Subject Alternative Name entries containing an otherName field. When the type-id OID inside such an entry is invalid or malformed, GnuTLS calls asn1_delete_structure() on an ASN.1 node it does not own, so the same structure is freed again by the calling function, corrupting allocator state. The flaw is reachable through public GnuTLS APIs - meaning any application that parses or re-exports an attacker-supplied certificate is exposed - and there is no public exploit identified at time of analysis (EPSS 0.04%, 12th percentile; not in CISA KEV).

Buffer Overflow Denial Of Service Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-0553 HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-5981 MEDIUM This Month

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Debian Linux Gnutls Linux Fedora
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-0361 HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.4
EPSS
1.4%
CVE-2022-2509 HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-20232 CRITICAL PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-20231 CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +4
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-24659 HIGH POC This Week

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-13777 HIGH This Week

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gnutls Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.4
EPSS
17.5%
CVE-2020-11501 HIGH PATCH This Week

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Ubuntu Linux Debian Linux Leap +1
NVD
CVSS 3.1
7.4
EPSS
3.4%
CVE-2019-3836 HIGH POC This Week

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls Fedora Leap
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2019-3829 HIGH POC THREAT This Week

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Memory Corruption Gnutls Fedora
NVD
CVSS 3.0
7.5
EPSS
59.0%
CVE-2018-16868 MEDIUM This Month

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.6). No vendor patch available.

Oracle Information Disclosure Gnutls
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2018-10846 MEDIUM PATCH This Month

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. Rated medium severity (CVSS 5.6).

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.6
EPSS
0.4%
CVE-2018-10845 MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2018-10844 MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2016-4456 HIGH This Week

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-7507 HIGH This Week

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-7869 HIGH PATCH This Week

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Gnutls
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-5337 CRITICAL PATCH Act Now

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2017-5336 CRITICAL PATCH Act Now

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2017-5335 HIGH PATCH This Week

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Leap Gnutls
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-5334 CRITICAL PATCH Act Now

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Gnutls
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2016-7444 HIGH PATCH This Week

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Gnutls
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-3308 HIGH This Week

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2015-6251 MEDIUM This Month

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls Debian Linux
NVD
CVSS 2.0
5.0
EPSS
6.7%
CVE-2014-8155 MEDIUM This Month

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0282 MEDIUM This Month

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8564 MEDIUM PATCH This Month

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3465 MEDIUM This Month

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2014-3466 MEDIUM POC THREAT This Month

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.7%.

Denial Of Service RCE Buffer Overflow Gnutls
NVD
CVSS 2.0
6.8
EPSS
13.7%
CVE-2014-1959 MEDIUM POC This Month

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Gnutls
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-0092 MEDIUM This Month

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD VulDB
CVSS 2.0
5.8
EPSS
4.8%
CVE-2013-4487 MEDIUM POC PATCH This Month

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gnutls Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4466 MEDIUM PATCH This Month

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2116 MEDIUM This Month

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2013-1619 MEDIUM POC This Month

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
4.0
EPSS
1.2%
CVE-2012-1573 MEDIUM POC This Month

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Gnutls
NVD
CVSS 2.0
5.0
EPSS
9.6%
CVE-2012-1569 MEDIUM POC PATCH THREAT This Month

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Buffer Overflow Denial Of Service Gnutls Libtasn1
NVD
CVSS 2.0
5.0
EPSS
10.2%
CVE-2012-1663 HIGH POC PATCH This Week

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Gnutls
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2012-0390 MEDIUM This Month

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.

Denial Of Service Gnutls Hardened Images +12
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in GnuTLS affects servers that enable the RSA-PSK key exchange, where the PSK identity comparison treats a username containing an embedded NUL byte as equal to a legitimate truncated username. Remote attackers can send a crafted username to circumvent pre-shared-key authentication and gain unauthorized access. There is no public exploit identified at time of analysis, the EPSS probability is low (0.15%), and CISA SSVC scores exploitation as none - indicating high theoretical severity but no observed real-world abuse.

Authentication Bypass Gnutls Hardened Images +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Heap Overflow Buffer Overflow Gnutls +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Information Disclosure Gnutls Openshift Container Platform +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Memory corruption and denial of service in GnuTLS arises from a double-free (CWE-415) in the code that exports X.509 Subject Alternative Name entries containing an otherName field. When the type-id OID inside such an entry is invalid or malformed, GnuTLS calls asn1_delete_structure() on an ASN.1 node it does not own, so the same structure is freed again by the calling function, corrupting allocator state. The flaw is reachable through public GnuTLS APIs - meaning any application that parses or re-exports an attacker-supplied certificate is exposed - and there is no public exploit identified at time of analysis (EPSS 0.04%, 12th percentile; not in CISA KEV).

Buffer Overflow Denial Of Service Gnutls +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Debian Linux Gnutls +2
NVD
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux +5
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +4
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption +6
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls +3
NVD
EPSS 18% CVSS 7.4
HIGH This Week

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gnutls Fedora +2
NVD
EPSS 3% CVSS 7.4
HIGH PATCH This Week

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Ubuntu Linux +3
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls Fedora +1
NVD
EPSS 59% CVSS 7.5
HIGH POC THREAT This Week

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Memory Corruption +2
NVD
EPSS 1% CVSS 5.6
MEDIUM This Month

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.6). No vendor patch available.

Oracle Information Disclosure Gnutls
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. Rated medium severity (CVSS 5.6).

Information Disclosure Gnutls Enterprise Linux Desktop +5
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop +5
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls
NVD
EPSS 1% CVSS 7.5
HIGH This Week

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Gnutls
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Gnutls
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Gnutls
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls Ubuntu Linux
NVD
EPSS 7% CVSS 5.0
MEDIUM This Month

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls Debian Linux
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gnutls
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +6
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls
NVD
EPSS 9% CVSS 5.0
MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls +13
NVD
EPSS 11% CVSS 7.5
HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 +13
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +14
NVD
EPSS 14% CVSS 6.8
MEDIUM POC THREAT This Month

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.7%.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Gnutls
NVD VulDB
EPSS 5% CVSS 5.8
MEDIUM This Month

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gnutls +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Gnutls
NVD
EPSS 9% CVSS 5.0
MEDIUM This Month

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnutls
NVD
EPSS 1% CVSS 4.0
MEDIUM POC This Month

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls
NVD
EPSS 10% CVSS 5.0
MEDIUM POC This Month

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Gnutls
NVD
EPSS 10% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Buffer Overflow Denial Of Service Gnutls +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Gnutls
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gnutls
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy