gnutls

Description: A library which provides a secure layer over a reliable transport layer
Version: 3.8.3-1 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1674 | 3.7.0-1 | 3.7.1-1 | Low | Fixed | |
| AVG-1177 | 3.6.13-2 | 3.6.14-1 | High | Fixed | |
| AVG-945 | 3.6.6-3 | 3.6.7-1 | Critical | Fixed | |
| AVG-294 | 3.5.12-1 | 3.5.13-1 | Medium | Fixed | |
| AVG-26 | 3.4.14-1 | 3.4.15-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-20232 | AVG-1674 | Low | Yes | Arbitrary code execution | A security issue was found in GnuTLS before version 3.7.1. It was found that the client sending a "pre_share_key" extension may result in dereferencing a... |
| CVE-2021-20231 | AVG-1674 | Low | Yes | Arbitrary code execution | A security issue was found in GnuTLS before version 3.7.1. It was found that the client sending a "key_share" extension may result in dereferencing a... |
| CVE-2020-13777 | AVG-1177 | High | Yes | Man-in-the-middle | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass... |
| CVE-2019-3836 | AVG-945 | Medium | Yes | Denial of service | An invalid pointer access via malformed TLS1.3 async messages has been found in GnuTLS versions prior to 3.6.7. |
| CVE-2019-3829 | AVG-945 | Critical | Yes | Arbitrary code execution | A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including... |
| CVE-2017-7507 | AVG-294 | Medium | Yes | Denial of service | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could... |
| CVE-2016-7444 | AVG-26 | Medium | Yes | Certificate verification bypass | Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use an OCSP response for a different certificate (but from... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 13 Mar 2021 | ASA-202103-1 | AVG-1674 | Low | arbitrary code execution |
| 06 Jun 2020 | ASA-202006-2 | AVG-1177 | High | man-in-the-middle |
| 05 Apr 2019 | ASA-201904-2 | AVG-945 | Critical | multiple issues |
| 13 Jun 2017 | ASA-201706-12 | AVG-294 | Medium | denial of service |
| 26 Sep 2016 | ASA-201609-25 | AVG-26 | Medium | certificate verification bypass |