gnutls

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A library which provides a secure layer over a reliable transport layer
Version 3.5.18-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-294 3.5.12-1 3.5.13-1 Medium Fixed
AVG-26 3.4.14-1 3.4.15-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2017-7507 AVG-294 Medium Yes Denial of service
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could...
CVE-2016-7444 AVG-26 Medium Yes Certificate verification bypass
Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from...

Advisories

Date Advisory Group Severity Description
13 Jun 2017 ASA-201706-12 AVG-294 Medium denial of service
26 Sep 2016 ASA-201609-25 AVG-26 Medium certificate verification bypass