cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0361,https://securityvulnerability.io/vulnerability/CVE-2023-0361,Timing Side-Channel Vulnerability in GnuTLS RSA ClientKeyExchange,"A timing side-channel vulnerability has been identified in GnuTLS's processing of RSA ClientKeyExchange messages. This flaw can expose sensitive keys through a network, enabling attackers to mount a Bleichenbacher-style attack. To exploit this vulnerability, the attacker must send a high volume of specially crafted messages to the vulnerable server. If successful, they can extract the secret from the ClientKeyExchange message, potentially leading to decryption of application data transmitted during that session.",Gnu,gnutls,7.4,HIGH,0.0023499999660998583,false,false,false,false,,false,false,2023-02-15T00:00:00.000Z,0
CVE-2021-4209,https://securityvulnerability.io/vulnerability/CVE-2021-4209,,"A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",Gnu,Gnutls,6.5,MEDIUM,0.00171999994199723,false,false,false,false,,false,false,2022-08-24T15:07:31.000Z,0
CVE-2022-2509,https://securityvulnerability.io/vulnerability/CVE-2022-2509,,A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.,Gnu,Gnutls,7.5,HIGH,0.0024900001008063555,false,false,false,false,,false,false,2022-08-01T14:01:10.000Z,0
CVE-2021-20232,https://securityvulnerability.io/vulnerability/CVE-2021-20232,,A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.,Gnu,Gnutls,9.8,CRITICAL,0.00761000020429492,false,false,false,false,,false,false,2021-03-12T18:25:29.000Z,0
CVE-2021-20231,https://securityvulnerability.io/vulnerability/CVE-2021-20231,,A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.,Gnu,Gnutls,9.8,CRITICAL,0.006279999855905771,false,false,false,false,,false,false,2021-03-12T18:23:59.000Z,0
CVE-2020-24659,https://securityvulnerability.io/vulnerability/CVE-2020-24659,,"An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",Gnu,Gnutls,7.5,HIGH,0.005369999911636114,false,false,false,false,,false,false,2020-09-04T14:03:36.000Z,0
CVE-2020-13777,https://securityvulnerability.io/vulnerability/CVE-2020-13777,,"GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.",Gnu,Gnutls,7.4,HIGH,0.0032399999909102917,false,false,false,true,true,false,false,2020-06-04T07:01:07.000Z,0
CVE-2020-11501,https://securityvulnerability.io/vulnerability/CVE-2020-11501,,"GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.",Gnu,Gnutls,7.4,HIGH,0.0025100000202655792,false,false,false,false,,false,false,2020-04-03T12:42:28.000Z,0
CVE-2015-8313,https://securityvulnerability.io/vulnerability/CVE-2015-8313,,GnuTLS incorrectly validates the first byte of padding in CBC modes,Gnu,Gnutls,5.9,MEDIUM,0.05347999930381775,false,false,false,false,,false,false,2019-12-20T13:10:23.000Z,0
CVE-2016-4456,https://securityvulnerability.io/vulnerability/CVE-2016-4456,,"The ""GNUTLS_KEYLOGFILE"" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.",Gnu,Gnutls,7.5,HIGH,0.0015800000401213765,false,false,false,false,,false,false,2017-08-08T21:00:00.000Z,0
CVE-2017-7869,https://securityvulnerability.io/vulnerability/CVE-2017-7869,,GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.,Gnu,Gnutls,7.5,HIGH,0.005369999911636114,false,false,false,false,,false,false,2017-04-14T04:30:00.000Z,0
CVE-2016-7444,https://securityvulnerability.io/vulnerability/CVE-2016-7444,,"The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",Gnu,Gnutls,7.5,HIGH,0.0038900000508874655,false,false,false,false,,false,false,2016-09-27T15:00:00.000Z,0
CVE-2015-3308,https://securityvulnerability.io/vulnerability/CVE-2015-3308,,Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.,Gnu,Gnutls,,,0.03297000005841255,false,false,false,false,,false,false,2015-09-02T14:00:00.000Z,0
CVE-2015-6251,https://securityvulnerability.io/vulnerability/CVE-2015-6251,,Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.,Gnu,Gnutls,,,0.18166999518871307,false,false,false,false,,false,false,2015-08-24T14:00:00.000Z,0
CVE-2014-8155,https://securityvulnerability.io/vulnerability/CVE-2014-8155,,"GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.",Gnu,Gnutls,,,0.0012100000167265534,false,false,false,false,,false,false,2015-08-14T18:00:00.000Z,0
CVE-2015-0282,https://securityvulnerability.io/vulnerability/CVE-2015-0282,,"GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.",Gnu,Gnutls,,,0.00343999988399446,false,false,false,false,,false,false,2015-03-24T17:00:00.000Z,0
CVE-2014-8564,https://securityvulnerability.io/vulnerability/CVE-2014-8564,,"The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.",Gnu,Gnutls,,,0.006300000008195639,false,false,false,false,,false,false,2014-11-13T15:00:00.000Z,0
CVE-2014-3465,https://securityvulnerability.io/vulnerability/CVE-2014-3465,,"The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.",Gnu,Gnutls,,,0.04033000022172928,false,false,false,false,,false,false,2014-06-10T14:00:00.000Z,0
CVE-2014-3467,https://securityvulnerability.io/vulnerability/CVE-2014-3467,,"Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.",Gnu,"Gnutls,Libtasn1",,,0.013749999925494194,false,false,false,false,,false,false,2014-06-05T20:00:00.000Z,0
CVE-2014-3468,https://securityvulnerability.io/vulnerability/CVE-2014-3468,,"The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.",Gnu,"Gnutls,Libtasn1",,,0.007180000189691782,false,false,false,false,,false,false,2014-06-05T20:00:00.000Z,0
CVE-2014-3469,https://securityvulnerability.io/vulnerability/CVE-2014-3469,,The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.,Gnu,"Gnutls,Libtasn1",,,0.0036800000816583633,false,false,false,false,,false,false,2014-06-05T20:00:00.000Z,0
CVE-2014-3466,https://securityvulnerability.io/vulnerability/CVE-2014-3466,,"Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",Gnu,Gnutls,,,0.5046399831771851,false,false,false,true,true,false,false,2014-06-03T14:00:00.000Z,0
CVE-2014-0092,https://securityvulnerability.io/vulnerability/CVE-2014-0092,,"lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",Gnu,Gnutls,,,0.01573999971151352,false,false,false,false,,false,false,2014-03-07T00:10:00.000Z,0
CVE-2009-5138,https://securityvulnerability.io/vulnerability/CVE-2009-5138,,"GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.",Gnu,Gnutls,,,0.006940000224858522,false,false,false,false,,false,false,2014-03-07T00:10:00.000Z,0
CVE-2014-1959,https://securityvulnerability.io/vulnerability/CVE-2014-1959,,"lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",Gnu,Gnutls,,,0.00788000039756298,false,false,false,false,,false,false,2014-03-07T00:10:00.000Z,0