Debian Gnutls28 vulnerabilities

CVE-2026-1584 [HIGH] CVE-2026-1584: gnutls28 bookworm: resolved bullseye: resolved forky: resolved (fixed in 3.8.12-1) sid: resolved (fixed in 3.8.12-1) trixie: resolved

CVE-2025-32988 [MEDIUM] CVE-2025-32988: gnutls28 - A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to ... A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent

CVE-2025-32989 [MEDIUM] CVE-2025-32989: gnutls28 - A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the C... A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to th

CVE-2025-6395 [MEDIUM] CVE-2025-6395: gnutls28 - A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figu... A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). Scope: local bookworm: resolved (fixed in 3.7.9-2+deb12u5) bullseye: resolved (fixed in 3.7.1-5+deb11u8) forky: resolved (fixed in 3.8.9-3) sid: resolved (fixed in 3.8.9-3) trixie: resolved (fixed in 3.8.9-3)

CVE-2025-32990 [MEDIUM] CVE-2025-32990: gnutls28 - A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the... A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. Sco

CVE-2025-14831 [MEDIUM] CVE-2025-14831: gnutls28 - A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) ... A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). Scope: local bookworm: resolved (fixed in 3.7.9-2+deb12u6) bullseye: resolved (fixed in 3.

CVE-2025-9820 [MEDIUM] CVE-2025-9820: gnutls28 - A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_... A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited

CVE-2024-0567 [HIGH] CVE-2024-0567: gnutls28 - A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects... A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Scope: local bookworm: resolved (fixed in 3.7.9-2+deb1

CVE-2024-12243 [MEDIUM] CVE-2024-12243: gnutls28 - A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. ... A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, res

CVE-2024-28834 [MEDIUM] CVE-2024-28834: gnutls28 - A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability ... A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-chan

CVE-2024-28835 [MEDIUM] CVE-2024-28835: gnutls28 - A flaw has been discovered in GnuTLS where an application crash can be induced w... A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Scope: local bookworm: resolved (fixed in 3.7.9-2+deb12u3) bullseye: resolved (fixed in 3.7.1-5+deb11u6) forky: resolved (fixed in 3.8.4-2) sid: resolved (fixed in 3.8.4-2) trixie: re

CVE-2024-0553 [MEDIUM] CVE-2024-0553: gnutls28 - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts... A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 i

CVE-2023-0361 [HIGH] CVE-2023-0361: gnutls28 - A timing side-channel in the handling of RSA ClientKeyExchange messages was disc... A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable ser

CVE-2023-5981 [MEDIUM] CVE-2023-5981: gnutls28 - A vulnerability was found that the response times to malformed ciphertexts in RS... A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Scope: local bookworm: resolved (fixed in 3.7.9-2+deb12u1) bullseye: resolved (fixed in 3.7.1-5+deb11u4) forky: resolved (fixed in 3.8.2-1) sid: resolved (fixed in 3.8.2-1) trixie: resolv

CVE-2022-2509 [HIGH] CVE-2022-2509: gnutls28 - A vulnerability found in gnutls. This security flaw happens because of a double ... A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Scope: local bookworm: resolved (fixed in 3.7.7-1) bullseye: resolved (fixed in 3.7.1-5+deb11u2) forky: resolved (fixed in 3.7.7-1) sid: resolved (fixed in 3.7.7-1) trixie: resolved (fixed in 3.7.7-

CVE-2021-20232 [CRITICAL] CVE-2021-20232: gnutls28 - A flaw was found in gnutls. A use after free issue in client_send_params in lib/... A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Scope: local bookworm: resolved (fixed in 3.7.1-1) bullseye: resolved (fixed in 3.7.1-1) forky: resolved (fixed in 3.7.1-1) sid: resolved (fixed in 3.7.1-1) trixie: resolved (fixed in 3.7.1-1)

CVE-2021-20231 [CRITICAL] CVE-2021-20231: gnutls28 - A flaw was found in gnutls. A use after free issue in client sending key_share e... A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Scope: local bookworm: resolved (fixed in 3.7.1-1) bullseye: resolved (fixed in 3.7.1-1) forky: resolved (fixed in 3.7.1-1) sid: resolved (fixed in 3.7.1-1) trixie: resolved (fixed in 3.7.1-1)

CVE-2021-4209 [MEDIUM] CVE-2021-4209: gnutls28 - A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update fun... A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Scope: local bookworm: resolved (fixed in 3.7.3-2) bullseye: resolved (fixed in 3.7.1-5+deb11u1) forky: resolved (f

CVE-2020-24659 [HIGH] CVE-2020-24659: gnutls28 - An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL poi... An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. Scope

CVE-2020-11501 [HIGH] CVE-2020-11501: gnutls28 - GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest af... GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. Scope: local bookworm