gnutls

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A library which provides a secure layer over a reliable transport layer
Version 3.6.7-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-945 3.6.6-3 3.6.7-1 Critical Fixed
AVG-294 3.5.12-1 3.5.13-1 Medium Fixed
AVG-26 3.4.14-1 3.4.15-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2019-3836 AVG-945 Medium Yes Denial of service
An invalid pointer access via malformed TLS1.3 async messages has been found in GnuTLS versions prior to 3.6.7.
CVE-2019-3829 AVG-945 Critical Yes Arbitrary code execution
A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including...
CVE-2017-7507 AVG-294 Medium Yes Denial of service
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could...
CVE-2016-7444 AVG-26 Medium Yes Certificate verification bypass
Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from...

Advisories

Date Advisory Group Severity Description
05 Apr 2019 ASA-201904-2 AVG-945 Critical multiple issues
13 Jun 2017 ASA-201706-12 AVG-294 Medium denial of service
26 Sep 2016 ASA-201609-25 AVG-26 Medium certificate verification bypass