cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0361,https://securityvulnerability.io/vulnerability/CVE-2023-0361,Timing Side-Channel Vulnerability in GnuTLS RSA ClientKeyExchange,"A timing side-channel vulnerability has been identified in GnuTLS's processing of RSA ClientKeyExchange messages. This flaw can expose sensitive keys through a network, enabling attackers to mount a Bleichenbacher-style attack. To exploit this vulnerability, the attacker must send a high volume of specially crafted messages to the vulnerable server. If successful, they can extract the secret from the ClientKeyExchange message, potentially leading to decryption of application data transmitted during that session.",Gnu,gnutls,7.4,HIGH,0.0023499999660998583,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2021-4209,https://securityvulnerability.io/vulnerability/CVE-2021-4209,NULL Pointer Dereference in GnuTLS Affects Nettle's Hash Update Functions,"A NULL pointer dereference flaw exists in GnuTLS, impacting its hash update functions within Nettle. This vulnerability arises when zero-length input is provided, leading to potential undefined behavior. In some rare scenarios, this may result in a denial of service occurring after user authentication.",Gnu,Gnutls,6.5,MEDIUM,0.00171999994199723,false,,false,false,false,,,false,false,,2022-08-24T15:07:31.000Z,0
CVE-2022-2509,https://securityvulnerability.io/vulnerability/CVE-2022-2509,Double Free Vulnerability in GnuTLS Affecting Multiple Platforms,"A double free error has been identified in the GnuTLS library, specifically during the verification process of pkcs7 signatures within the gnutls_pkcs7_verify function. This issue could potentially allow an attacker to exploit the memory management flaws, leading to unexpected behavior in affected applications. Users of GnuTLS are advised to update to the latest version to mitigate the risk associated with this vulnerability.",Gnu,Gnutls,7.5,HIGH,0.0035000001080334187,false,,false,false,false,,,false,false,,2022-08-01T14:01:10.000Z,0
CVE-2021-20232,https://securityvulnerability.io/vulnerability/CVE-2021-20232,Memory Corruption Vulnerability in GnuTLS Library by GnuTLS,"A flaw in the GnuTLS library involves a use after free issue within the client_send_params function located in lib/ext/pre_shared_key.c. This vulnerability could lead to memory corruption, potentially allowing attackers to exploit system resources or gain unauthorized access to sensitive data.",Gnu,Gnutls,9.8,CRITICAL,0.008340000174939632,false,,false,false,false,,,false,false,,2021-03-12T18:25:29.000Z,0
CVE-2021-20231,https://securityvulnerability.io/vulnerability/CVE-2021-20231,Use After Free Vulnerability in GnuTLS Client Key_Share Extension,"A vulnerability exists in GnuTLS that affects the client when sending the key_share extension, which can lead to a use after free situation. This flaw can result in memory corruption, potentially leading to a range of security issues, including arbitrary code execution in certain scenarios. It highlights the need for immediate attention and timely updates to mitigate risks associated with this vulnerability.",Gnu,Gnutls,9.8,CRITICAL,0.006889999844133854,false,,false,false,false,,,false,false,,2021-03-12T18:23:59.000Z,0
CVE-2020-24659,https://securityvulnerability.io/vulnerability/CVE-2020-24659,TLS 1.3 Client Vulnerability in GnuTLS from GnuTLS Project,"A vulnerability exists in GnuTLS affecting versions prior to 3.6.15, where a server can induce a NULL pointer dereference in a TLS 1.3 client. This occurs when a no_renegotiation alert is sent with unexpected timing, followed by an invalid second handshake. The issue manifests during the application's error management sequence, specifically when the gnutls_deinit function is invoked due to a handshake failure. This flaw can potentially lead to application crashes, impacting the reliability and stability of services utilizing GnuTLS.",Gnu,Gnutls,7.5,HIGH,0.005369999911636114,false,,false,false,false,,,false,false,,2020-09-04T14:03:36.000Z,0
CVE-2020-13777,https://securityvulnerability.io/vulnerability/CVE-2020-13777,Confidentiality Vulnerability in GnuTLS Products by GnuTLS,"GnuTLS versions prior to 3.6.14 are affected by a cryptographic vulnerability that leads to loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3 due to incorrect session ticket encryption. This problem originates from a commit made in September 2018. Until the first key rotation occurs, the TLS server substitutes erroneous data instead of a properly derived encryption key from the application, exposing the session's sensitive information.",Gnu,Gnutls,7.4,HIGH,0.0032399999909102917,false,,false,false,true,2020-06-21T11:55:40.000Z,true,false,false,,2020-06-04T07:01:07.000Z,0
CVE-2020-11501,https://securityvulnerability.io/vulnerability/CVE-2020-11501,Insecure Cryptography in GnuTLS Affects Multiple Versions,"GnuTLS prior to version 3.6.13 has a cryptographic flaw in its implementation of the DTLS protocol. Due to an error introduced in a past commit, the DTLS client resorts to using a predetermined sequence of 32 null bytes instead of a sufficiently random value. This lack of randomness undermines the security assurances of DTLS, making it easier for potential attacks to predict session parameters and compromise communications.",Gnu,Gnutls,7.4,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2020-04-03T12:42:28.000Z,0
CVE-2015-8313,https://securityvulnerability.io/vulnerability/CVE-2015-8313,Padding Validation Flaw in GnuTLS Affects Multiple Distributions,"A vulnerability in the GnuTLS Library arises from improper validation of the first byte of padding in Cipher Block Chaining (CBC) modes. This flaw can potentially allow attackers to exploit the system, possibly facilitating information disclosure or other security breaches. Users of affected GnuTLS versions are advised to update to safe versions to ensure the integrity and confidentiality of secured data.",Gnu,Gnutls,5.9,MEDIUM,0.05347999930381775,false,,false,false,false,,,false,false,,2019-12-20T13:10:23.000Z,0
CVE-2016-4456,https://securityvulnerability.io/vulnerability/CVE-2016-4456,,"The ""GNUTLS_KEYLOGFILE"" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.",Gnu,Gnutls,7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2017-08-08T21:00:00.000Z,0
CVE-2017-7869,https://securityvulnerability.io/vulnerability/CVE-2017-7869,,GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.,Gnu,Gnutls,7.5,HIGH,0.005369999911636114,false,,false,false,false,,,false,false,,2017-04-14T04:30:00.000Z,0
CVE-2016-7444,https://securityvulnerability.io/vulnerability/CVE-2016-7444,,"The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",Gnu,Gnutls,7.5,HIGH,0.0038900000508874655,false,,false,false,false,,,false,false,,2016-09-27T15:00:00.000Z,0
CVE-2015-3308,https://securityvulnerability.io/vulnerability/CVE-2015-3308,,Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.,Gnu,Gnutls,,,0.03297000005841255,false,,false,false,false,,,false,false,,2015-09-02T14:00:00.000Z,0
CVE-2015-6251,https://securityvulnerability.io/vulnerability/CVE-2015-6251,,Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.,Gnu,Gnutls,,,0.1826300024986267,false,,false,false,false,,,false,false,,2015-08-24T14:00:00.000Z,0
CVE-2014-8155,https://securityvulnerability.io/vulnerability/CVE-2014-8155,,"GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.",Gnu,Gnutls,,,0.0012100000167265534,false,,false,false,false,,,false,false,,2015-08-14T18:00:00.000Z,0
CVE-2015-0282,https://securityvulnerability.io/vulnerability/CVE-2015-0282,,"GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.",Gnu,Gnutls,,,0.00343999988399446,false,,false,false,false,,,false,false,,2015-03-24T17:00:00.000Z,0
CVE-2014-8564,https://securityvulnerability.io/vulnerability/CVE-2014-8564,,"The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.",Gnu,Gnutls,,,0.006300000008195639,false,,false,false,false,,,false,false,,2014-11-13T15:00:00.000Z,0
CVE-2014-3465,https://securityvulnerability.io/vulnerability/CVE-2014-3465,,"The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.",Gnu,Gnutls,,,0.04033000022172928,false,,false,false,false,,,false,false,,2014-06-10T14:00:00.000Z,0
CVE-2014-3467,https://securityvulnerability.io/vulnerability/CVE-2014-3467,,"Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.",Gnu,"Gnutls,Libtasn1",,,0.013749999925494194,false,,false,false,false,,,false,false,,2014-06-05T20:00:00.000Z,0
CVE-2014-3468,https://securityvulnerability.io/vulnerability/CVE-2014-3468,,"The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.",Gnu,"Gnutls,Libtasn1",,,0.007180000189691782,false,,false,false,false,,,false,false,,2014-06-05T20:00:00.000Z,0
CVE-2014-3469,https://securityvulnerability.io/vulnerability/CVE-2014-3469,,The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.,Gnu,"Gnutls,Libtasn1",,,0.0036800000816583633,false,,false,false,false,,,false,false,,2014-06-05T20:00:00.000Z,0
CVE-2014-3466,https://securityvulnerability.io/vulnerability/CVE-2014-3466,,"Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",Gnu,Gnutls,,,0.5046399831771851,false,,false,false,true,2014-06-01T20:36:31.000Z,true,false,false,,2014-06-03T14:00:00.000Z,0
CVE-2014-0092,https://securityvulnerability.io/vulnerability/CVE-2014-0092,,"lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",Gnu,Gnutls,,,0.01573999971151352,false,,false,false,false,,,false,false,,2014-03-07T00:10:00.000Z,0
CVE-2009-5138,https://securityvulnerability.io/vulnerability/CVE-2009-5138,,"GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.",Gnu,Gnutls,,,0.006940000224858522,false,,false,false,false,,,false,false,,2014-03-07T00:10:00.000Z,0
CVE-2014-1959,https://securityvulnerability.io/vulnerability/CVE-2014-1959,,"lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",Gnu,Gnutls,,,0.00788000039756298,false,,false,false,false,,,false,false,,2014-03-07T00:10:00.000Z,0