National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:gnu:gnutls:3.3.1
There are 11 matching records.
Vuln ID Summary CVSS Severity
CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.

Published: June 16, 2017; 03:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.

Published: April 14, 2017; 12:59:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-5337

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Published: March 24, 2017; 11:59:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-5336

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Published: March 24, 2017; 11:59:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-5335

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

Published: March 24, 2017; 11:59:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-5334

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

Published: March 24, 2017; 11:59:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Published: September 27, 2016; 11:59:12 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-3308

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

Published: September 02, 2015; 10:59:01 AM -04:00
V2: 7.5 HIGH
CVE-2015-6251

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

Published: August 24, 2015; 10:59:10 AM -04:00
V2: 5.0 MEDIUM
CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.

Published: November 13, 2014; 04:32:13 PM -05:00
V2: 5.0 MEDIUM
CVE-2014-3466

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Published: June 03, 2014; 10:55:10 AM -04:00
V2: 6.8 MEDIUM