) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:gnu:gnutls:3.3.0:pre0
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-6251 |
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Published: August 24, 2015; 10:59:10 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-8564 |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. Published: November 13, 2014; 4:32:13 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-3466 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Published: June 03, 2014; 10:55:10 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |