Debian Gnutls28 vulnerabilities

CVE-2020-13777 [HIGH] CVE-2020-13777: gnutls28 - GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ... GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key deriv

CVE-2019-3829 [MEDIUM] CVE-2019-3829: gnutls28 - A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory c... A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. Scope: local bookworm: resolved (fixed in 3.6.7-2) bullseye: resolved (fixed in 3.6.7-2) forky: resolved (

CVE-2019-3836 [MEDIUM] CVE-2019-3836: gnutls28 - It was discovered in gnutls before version 3.6.7 upstream that there is an unini... It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Scope: local bookworm: resolved (fixed in 3.6.7-2) bullseye: resolved (fixed in 3.6.7-2) forky: resolved (fixed in 3.6.7-2) sid: resolved (fixed in 3.6.7-2) trixie: resol

CVE-2018-10845 [MEDIUM] CVE-2018-10845: gnutls28 - It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a ... It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. Scope: local bookworm: resolved (fixed in 3.5.19-1) bullseye: resolved (fixed in 3.5.19-1)

CVE-2018-10844 [MEDIUM] CVE-2018-10844: gnutls28 - It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a ... It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. Scope: local bookworm: resolved (fixed in 3.5.19-1) bullseye: resolved (fixed in 3.5.19-1)

CVE-2018-16868 [MEDIUM] CVE-2018-16868: gnutls28 - A Bleichenbacher type side-channel based padding oracle attack was found in the ... A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. Scope: local bookworm:

CVE-2018-10846 [MEDIUM] CVE-2018-10846: gnutls28 - A cache-based side channel in GnuTLS implementation that leads to plain text rec... A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. Scope: local bookworm: resolved (fixed in 3.5.19-1) bullseye: resolved (fixed in 3.5.19

CVE-2017-5334 [CRITICAL] CVE-2017-5334: gnutls28 - Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS... Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. Scope: local bookworm: resolved (fixed in 3.5.8-1) bullseye: resolved (fixed in 3.5.

CVE-2017-5337 [CRITICAL] CVE-2017-5337: gnutls28 - Multiple heap-based buffer overflows in the read_attribute function in GnuTLS be... Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Scope: local bookworm: resolved (fixed in 3.5.8-1) bullseye: resolved (fixed in 3.5.8-1) forky: resolved (fixed in 3.5.8-1) sid: resolved (fixed in 3.5.8-1) trixie:

CVE-2017-5336 [CRITICAL] CVE-2017-5336: gnutls28 - Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubk... Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. Scope: local bookworm: resolved (fixed in 3.5.8-1) bullseye: resolved (fixed in 3.5.8-1) forky: resolved (fixed in 3.5.8-1) sid: resolved (fixed in

CVE-2017-5335 [HIGH] CVE-2017-5335: gnutls28 - The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.2... The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. Scope: local bookworm: resolved (fixed in 3.5.8-1) bullseye: resolved (fixed in 3.5.8-1) forky: resolved (fixed in 3.5.8-1) sid: resolved (fixed

CVE-2017-7869 [HIGH] CVE-2017-7869: gnutls28 - GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflo... GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. Scope: local bookworm: resolved (fixed in 3.5.8-4) bullseye: resolved (fixed in 3.5.8-4) forky: resolv

CVE-2017-7507 [HIGH] CVE-2017-7507: gnutls28 - GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference wh... GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. Scope: local bookworm: resolved (fixed in 3.5.8-6) bullseye: resolved (fixed in 3.5.8-6) forky: resolved (fixed in 3.5.8-6) sid: resolved (fixed in 3.5.8-6) trixi

CVE-2016-4456 [HIGH] CVE-2016-4456: gnutls28 - The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote atta... The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. Scope: local bookworm: resolved (fixed in 3.4.13-1) bullseye: resolved (fixed in 3.4.13-1) forky: resolved (fixed in 3.4.13-1) sid: resolved (fixed in 3.4.13-1) trixie: resolved (fixed in 3.4.13-1)

CVE-2016-7444 [HIGH] CVE-2016-7444: gnutls28 - The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.... The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. Scope: local bookworm: resolved (fixed in 3.5.3-4) bullsey

CVE-2015-3308 [HIGH] CVE-2015-3308: gnutls28 - Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows ... Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. Scope: local bookworm: resolved (fixed in 3.3.8-7) bullseye: resolved (fixed in 3.3.8-7) forky: resolved (fixed in 3.3.8-7) sid: resolved (fixed in 3.3.8-7) trixie

CVE-2015-0294 [HIGH] CVE-2015-0294: gnutls28 - GnuTLS before 3.3.13 does not validate that the signature algorithms match when ... GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. Scope: local bookworm: resolved (fixed in 3.3.8-6) bullseye: resolved (fixed in 3.3.8-6) forky: resolved (fixed in 3.3.8-6) sid: resolved (fixed in 3.3.8-6) trixie: resolved (fixed in 3.3.8-6)

CVE-2015-7575 [MEDIUM] CVE-2015-7575: gnutls28 - Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefo... Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Scope: local bookworm: resolved (fi

CVE-2015-6251 [MEDIUM] CVE-2015-6251: gnutls28 - Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows ... Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Scope: local bookworm: resolved (fixed in 3.3.17-1) bullseye: resolved (fixed in 3.3.17-1) forky: resolved (fixed in 3.3.17-1) sid: resolved (fixed in 3.3.17-1) trixie: resolved (fixe

CVE-2015-8313 [MEDIUM] CVE-2015-8313: gnutls28 - GnuTLS incorrectly validates the first byte of padding in CBC modes GnuTLS incorrectly validates the first byte of padding in CBC modes Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved