Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 50 results


CVE-2024-28835

Medium priority
Fixed

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-28834

Medium priority
Fixed

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the...

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Fixed Not affected Not affected
Show less packages

CVE-2024-0567

Medium priority
Fixed

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows...

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-0553

Medium priority

Some fixes available 6 of 8

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker...

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Fixed Needs evaluation Ignored
Show less packages

CVE-2023-5981

Medium priority

Some fixes available 5 of 6

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Fixed Ignored
Show less packages

CVE-2023-0361

Medium priority

Some fixes available 4 of 6

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style...

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Ignored Ignored
Show less packages

CVE-2022-2509

Medium priority
Fixed

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Fixed Fixed Fixed Not affected
Show less packages

CVE-2021-4209

Low priority

Some fixes available 3 of 5

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls26 Not in release Not in release Not in release Not in release Not in release
gnutls28 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-20232

Low priority

Some fixes available 1 of 2

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Not affected Fixed Not affected Not affected
Show less packages

CVE-2021-20231

Low priority

Some fixes available 1 of 2

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

1 affected packages

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28 Not affected Fixed Not affected Not affected
Show less packages