gnu gnutls

73 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-42010
all versions
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest-Shamir-Adleman - Pre-Shared Key) wrongfully matched usernames
7.1 HIGH
CVE-2026-3833
all versions
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labe
6.5 MEDIUM
CVE-2026-3832
all versions
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificat
3.7 LOW
CVE-2026-33845
all versions
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer und
7.5 HIGH
CVE-2026-1584
all versions
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted Clien
7.5 HIGH
CVE-2025-32990
all versions
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utilit
6.5 MEDIUM
CVE-2025-32989
all versions
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Ti
5.3 MEDIUM
CVE-2025-32988
< 3.8.10
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic o
6.5 MEDIUM
CVE-2024-0567
>= 3.7.0 and < 3.8.3
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This
7.5 HIGH
CVE-2024-0553
< 3.8.3
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the resp
7.5 HIGH
CVE-2023-5981
< 3.8.2
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times
5.9 MEDIUM
CVE-2023-0361
all versions
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be suffici
7.4 HIGH
CVE-2021-4209
< 3.7.3
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-leng
6.5 MEDIUM
CVE-2022-2509
< 3.7.7
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 sig
7.5 HIGH
CVE-2021-20232
>= 3.6.3 and < 3.7.1
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption
9.8 CRITICAL
CVE-2021-20231
>= 3.6.3 and < 3.7.1
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other c
9.8 CRITICAL
CVE-2020-24659
< 3.6.15
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_reneg
7.5 HIGH
CVE-2020-13777
>= 3.6.0 and < 3.6.14
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and
7.4 HIGH
CVE-2020-11501
>= 3.6.3 and < 3.6.13
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an
7.4 HIGH
CVE-2015-0294
< 3.3.13
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
7.5 HIGH
CVE-2015-8313
>= 2.0.0 and <= 2.12.24
GnuTLS incorrectly validates the first byte of padding in CBC modes
5.9 MEDIUM
CVE-2019-3836
>= 3.6.3 and < 3.6.7
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 o
5.9 MEDIUM
CVE-2019-3829
>= 3.5.8 and < 3.6.7
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certi
5.3 MEDIUM
CVE-2018-16868
<= 3.6.4
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted P
5.6 MEDIUM
CVE-2018-10846
< 3.6.12
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An att
5.6 MEDIUM
CVE-2018-10845
< 3.6.12
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers coul
5.9 MEDIUM
CVE-2018-10844
< 3.6.12
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers coul
5.9 MEDIUM
CVE-2016-4456
all versions
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in
7.5 HIGH
CVE-2017-7507
<= 3.5.12
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with
7.5 HIGH
CVE-2017-7869
<= 3.5.9
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cd
7.5 HIGH
CVE-2017-5337
<= 3.3.25
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote at
9.8 CRITICAL
CVE-2017-5336
<= 3.3.25
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.
9.8 CRITICAL
CVE-2017-5335
<= 3.3.25
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to
7.5 HIGH
CVE-2017-5334
<= 3.3.25
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remot
9.8 CRITICAL
CVE-2016-7444
<= 3.4.14
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the seri
7.5 HIGH
CVE-2015-3308
<= 3.3.13
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or p
CVE-2015-6251
all versions
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via
CVE-2014-8155
<= 2.9.9
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attack
CVE-2015-0282
<= 3.0.9
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, w
CVE-2014-8564
all versions
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.1
CVE-2014-3465
all versions
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attack
CVE-2014-3469
< 3.5.7
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to ca
CVE-2014-3468
< 3.5.7
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identifie
CVE-2014-3467
< 3.5.7
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to c
CVE-2014-3466
<= 3.1.24
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.
CVE-2014-1959
<= 3.1.20
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which a
CVE-2014-0092
<= 3.2.11
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509
CVE-2009-5138
<= 2.7.5
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as inter
CVE-2013-4487
all versions
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows re
CVE-2013-4466
all versions
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5
CVE-2013-2116
all versions
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of s
CVE-2013-1619
all versions
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing sid
CVE-2012-1573
<= 2.12.16
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block c
CVE-2012-1569
<= 3.0.15
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, do
CVE-2012-1663
<= 3.0.13
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application c
CVE-2012-0390
<= 3.0.10
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship
CVE-2011-4128
all versions
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0
CVE-2006-7239
<= 1.4.1
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a d
CVE-2010-0731
<= 1.2.0
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls th
CVE-2009-3555
<= 2.8.5
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod
9.8 CRITICAL
CVE-2009-2730
<= 2.8.1
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN)
CVE-2009-2409
< 2.6.4
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 throug
CVE-2009-1417
<= 2.6.5
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote a
CVE-2009-1416
all versions
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DS
CVE-2009-1415
< 2.6.6
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attack
CVE-2008-4989
< 2.6.1
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in
5.9 MEDIUM
CVE-2008-2377
all versions
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS
CVE-2008-1950
all versions
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4
CVE-2008-1949
all versions
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to pro
CVE-2008-1948
all versions
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not
CVE-2006-4790
all versions
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorith
CVE-2005-1431
all versions
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service,
CVE-2004-2531
all versions
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin