Refine your search
5 vulnerabilities found for by GnuTLS
CVE-2025-13151 (GCVE-0-2025-13151)
Vulnerability from cvelistv5
Published
2026-01-07 21:14
Modified
2026-01-20 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T21:32:59.782767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:33:12.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-20T17:08:41.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/5"
},
{
"url": "https://www.kb.cert.org/vuls/id/271649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libtasn1",
"vendor": "GnuTLS",
"versions": [
{
"lessThanOrEqual": "4.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was reported Benny Zelster from Microsoft Security Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:15:56.927Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Source Code Respoitory",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"name": "Proposed Pull Request",
"tags": [
"patch"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-13151",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13151"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-13151",
"datePublished": "2026-01-07T21:14:05.223Z",
"dateReserved": "2025-11-13T21:14:53.973Z",
"dateUpdated": "2026-01-20T17:08:41.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2015-0294 (GCVE-0-2015-0294)
Vulnerability from cvelistv5
Published
2020-01-27 15:12
Modified
2024-08-06 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cryptography
Summary
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GnuTLS",
"vendor": "GnuTLS",
"versions": [
{
"status": "affected",
"version": "before 3.3.13"
}
]
}
],
"datePublic": "2015-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cryptography",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T15:12:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GnuTLS",
"version": {
"version_data": [
{
"version_value": "before 3.3.13"
}
]
}
}
]
},
"vendor_name": "GnuTLS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptography"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323"
},
{
"name": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
"refsource": "MISC",
"url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff"
},
{
"name": "http://www.debian.org/security/2015/dsa-3191",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0294",
"datePublished": "2020-01-27T15:12:11.000Z",
"dateReserved": "2014-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:03:10.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3836 (GCVE-0-2019-3836)
Vulnerability from cvelistv5
Published
2019-04-01 14:16
Modified
2024-08-04 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/gnutls/issues/704"
},
{
"name": "FEDORA-2019-46df367eed",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"
},
{
"name": "GLSA-201904-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0005/"
},
{
"name": "openSUSE-SU-2019:1353",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
},
{
"name": "USN-3999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3999-1/"
},
{
"name": "RHSA-2019:3600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnutls",
"vendor": "gnutls",
"versions": [
{
"status": "affected",
"version": "fixed in gnutls 3.6.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-456",
"description": "CWE-456",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:08:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gnutls/gnutls/issues/704"
},
{
"name": "FEDORA-2019-46df367eed",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"
},
{
"name": "GLSA-201904-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0005/"
},
{
"name": "openSUSE-SU-2019:1353",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
},
{
"name": "USN-3999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3999-1/"
},
{
"name": "RHSA-2019:3600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gnutls",
"version": {
"version_data": [
{
"version_value": "fixed in gnutls 3.6.7"
}
]
}
}
]
},
"vendor_name": "gnutls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-456"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836"
},
{
"name": "https://gitlab.com/gnutls/gnutls/issues/704",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/issues/704"
},
{
"name": "FEDORA-2019-46df367eed",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"
},
{
"name": "GLSA-201904-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0005/"
},
{
"name": "openSUSE-SU-2019:1353",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
},
{
"name": "USN-3999-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3999-1/"
},
{
"name": "RHSA-2019:3600",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3836",
"datePublished": "2019-04-01T14:16:51.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3829 (GCVE-0-2019-3829)
Vulnerability from cvelistv5
Published
2019-03-27 17:24
Modified
2024-08-04 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/gnutls/issues/694"
},
{
"name": "FEDORA-2019-971ded6f90",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/"
},
{
"name": "FEDORA-2019-e8c1cf958f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/"
},
{
"name": "FEDORA-2019-46df367eed",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"
},
{
"name": "GLSA-201904-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"name": "openSUSE-SU-2019:1353",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
},
{
"name": "USN-3999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3999-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190619-0004/"
},
{
"name": "RHSA-2019:3600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnutls",
"vendor": "gnutls",
"versions": [
{
"status": "affected",
"version": "fixed in 3.6.7"
},
{
"status": "affected",
"version": "affected from 3.5.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:08:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gnutls/gnutls/issues/694"
},
{
"name": "FEDORA-2019-971ded6f90",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/"
},
{
"name": "FEDORA-2019-e8c1cf958f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/"
},
{
"name": "FEDORA-2019-46df367eed",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"
},
{
"name": "GLSA-201904-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"name": "openSUSE-SU-2019:1353",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
},
{
"name": "USN-3999-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3999-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190619-0004/"
},
{
"name": "RHSA-2019:3600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gnutls",
"version": {
"version_data": [
{
"version_value": "fixed in 3.6.7"
},
{
"version_value": "affected from 3.5.8"
}
]
}
}
]
},
"vendor_name": "gnutls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
"refsource": "MISC",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829"
},
{
"name": "https://gitlab.com/gnutls/gnutls/issues/694",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/issues/694"
},
{
"name": "FEDORA-2019-971ded6f90",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/"
},
{
"name": "FEDORA-2019-e8c1cf958f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/"
},
{
"name": "FEDORA-2019-46df367eed",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/"
},
{
"name": "GLSA-201904-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-14"
},
{
"name": "openSUSE-SU-2019:1353",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
},
{
"name": "USN-3999-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3999-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190619-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190619-0004/"
},
{
"name": "RHSA-2019:3600",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3829",
"datePublished": "2019-03-27T17:24:17.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7507 (GCVE-0-2017-7507)
Vulnerability from cvelistv5
Published
2017-06-16 19:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NULL pointer dereference
Summary
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99102",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99102"
},
{
"name": "RHSA-2017:2292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4"
},
{
"name": "DSA-3884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gnutls",
"vendor": "GnuTLS",
"versions": [
{
"status": "affected",
"version": "3.5.12"
}
]
}
],
"datePublic": "2017-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "99102",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99102"
},
{
"name": "RHSA-2017:2292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4"
},
{
"name": "DSA-3884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3884"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7507",
"datePublished": "2017-06-16T19:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}