| CVE-2021-20232 |
AVG-1674 |
Low |
Yes |
Arbitrary code execution |
A security issue was found in GnuTLS before version 3.7.1. It was found that the client sending a "pre_share_key" extension may result in dereferencing a... |
| CVE-2021-20231 |
AVG-1674 |
Low |
Yes |
Arbitrary code execution |
A security issue was found in GnuTLS before version 3.7.1. It was found that the client sending a "key_share" extension may result in dereferencing a... |
| CVE-2020-13777 |
AVG-1177 |
High |
Yes |
Man-in-the-middle |
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass... |
| CVE-2019-3836 |
AVG-945 |
Medium |
Yes |
Denial of service |
An invalid pointer access via malformed TLS1.3 async messages has been found in GnuTLS versions prior to 3.6.7. |
| CVE-2019-3829 |
AVG-945 |
Critical |
Yes |
Arbitrary code execution |
A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including... |
| CVE-2017-7507 |
AVG-294 |
Medium |
Yes |
Denial of service |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could... |
| CVE-2016-7444 |
AVG-26 |
Medium |
Yes |
Certificate verification bypass |
Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from... |