Search CVE reports

Toggle filters

1 – 9 of 9 results

CVE-2006-7239

Medium priority
Fixed

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2010-0731

Medium priority
Ignored

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2009-2730

Medium priority

Some fixes available 5 of 6

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2009-1417

Low priority
Ignored

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid,...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2009-1416

Medium priority
Not affected

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2009-1415

Medium priority
Not affected

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2008-4989

Medium priority

Some fixes available 4 of 5

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2006-4790

Unknown priority
Fixed

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5...

3 affected packages

gnutls11, gnutls12, gnutls13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
Show less packages

CVE-2005-1431

Unknown priority
Fixed

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

1 affected package

gnutls11

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
Show less packages