- About Security Advisories
Although the core GnuTLS team does not have the resources to analyse the background and impact of security issues in depth, we do take security seriously. All known information on high or critical security vulnerabilities is collected and published on this page.
- Reporting security problems
Report security problems that are not yet public as a confidential issue in the issue tracker, or send an email to the bug report mail address.
Advisories
Tag | Other identifiers | Description | Information |
---|---|---|---|
GNUTLS-SA-2024-01-23 | CVE-2024-28835 | Severity Medium; Denial of service | When validating a certificate chain with more than 16 certificates, GnuTLS applications crash with an assertion failure. The issue was reported in the issue tracker as #1527 and #1525. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.4 or later versions. |
GNUTLS-SA-2024-01-14 | CVE-2024-0553 | Severity Medium; more timing sidechannel in RSA-PSK key exchange | The previous fix for CVE-2023-5981 turned out to be incomplete, as it still leaves an observable difference between the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange and those to ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was reported in the issue tracker as #1522. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.3 or later versions. |
GNUTLS-SA-2024-01-09 | CVE-2024-0567 | Severity Medium; Denial of service | When validating a certificate chain which contains a cycle of cross-signed signatures of multiple CA certificates, GnuTLS applications crash with an assertion failure. This affects GnuTLS 3.7.0 to 3.8.2. The issue was reported in the issue tracker as #1521. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.3 or later versions. |
GNUTLS-SA-2023-12-04 | CVE-2024-28834 | Severity Medium; timing sidechannel in deterministic ECDSA | A vulnerability was found in the deterministic ECDSA code, which leaks the bit length of the random nonce. Through the application of lattice techniques, this allows full recovery of the private key after observing a few hundred to a few thousand signatures on known messages. The issue was reported in the issue tracker as #1516. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.4 or later versions. |
GNUTLS-SA-2023-10-23 | CVE-2023-5981 | Severity Medium; timing sidechannel in RSA-PSK key exchange | A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was reported in the issue tracker as #1511. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.2 or later versions. |
GNUTLS-SA-2022-07-07 | CVE-2022-2509 | Severity Medium; memory corruption | When gnutls_pkcs7_verify cannot verify a signature against the given trust list, it starts creating a chain of certificates from the identified signer up to a known root. During the creation of this chain the signer certificate gets freed, which results in a double free when the same signer certificate is freed again at the end of the algorithm. This affects GnuTLS 3.6.0 to 3.7.6. The issue was reported in the issue tracker as #1383. Recommendation: To address the issue found, upgrade to GnuTLS 3.7.7 or later versions. |
GNUTLS-SA-2022-01-17 | N/A | Severity Low; memory corruption | When a single trust list object is shared among multiple threads, calls to gnutls_x509_trust_list_verify_crt2() were able to corrupt the temporary memory where an internal copy of an issuer certificate is stored. The code path is only taken when a PKCS#11 based trust store is enabled and the issuer certificate is already stored as trusted. This affects GnuTLS 3.7.0 to 3.7.2. The issue was reported in the issue tracker as #1277. Recommendation: To address the issue found, upgrade to GnuTLS 3.7.3 or later versions. |
GNUTLS-SA-2021-03-10 | CVE-2021-20231, CVE-2021-20232 | Severity Low; use-after-free | It was found that a client sending a "key_share" or "pre_shared_key" extension may cause a pointer that is no longer valid after realloc() to be dereferenced. This only happens in TLS 1.3 and only when the client sends a large Client Hello message, e.g., when an HRR is sent in a resumed session that previously negotiated large FFDHE parameters; otherwise the initial allocation of the buffer is large enough that realloc() is never called. The issue was reported in the issue tracker as #1151. Recommendation: To address the issue found, upgrade to GnuTLS 3.7.1 or later versions. |
GNUTLS-SA-2020-09-04 | CVE-2020-24659 | Severity Moderate; null-pointer dereference | It was found by oss-fuzz that a server sending a "no_renegotiation" alert at an unexpected time, followed by an invalid second handshake, can cause a TLS 1.3 client to crash via a null-pointer dereference. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. The issue was reported in the issue tracker as #1071. Recommendation: To address the issue found, upgrade to GnuTLS 3.6.15 or later versions. |
GNUTLS-SA-2020-07-14 | CVE-2023-0361 | Severity Medium; timing sidechannel in RSA decryption | A vulnerability was found in which the response times to malformed RSA ciphertexts in ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was reported in the issue tracker as #1050. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.0 or later versions. |
GNUTLS-SA-2020-06-03 | CVE-2020-13777 | Severity High; flaw in TLS session ticket key construction | |
GNUTLS-SA-2020-03-31 | CVE-2020-11501 | Severity High; flaw in DTLS protocol implementation | |
GNUTLS-SA-2019-03-27 | CVE-2019-3836, CVE-2019-3829 | Severity High; invalid pointer access, double free | Recommendation: To address the issues found, upgrade to GnuTLS 3.6.7 or later versions. |
GNUTLS-SA-2017-06-16 | CVE-2017-7507 | Severity High; null pointer dereference | It was found using the TLS fuzzer tools that decoding a status response TLS extension with valid contents could lead to a crash due to a null pointer dereference. The issue affects GnuTLS server applications. The issue was fixed in 3.5.13. Recommendation: To address the issue found, upgrade to GnuTLS 3.5.13 or later versions. |
GNUTLS-SA-2017-03-25 | CVE-2017-5335, CVE-2017-5336, CVE-2017-5337 | Severity High; memory corruption | It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. This affects only the few applications which enable the OpenPGP certificate functionality of GnuTLS. This issue was fixed in GnuTLS 3.3.26 and 3.5.8. Recommendation: The support of OpenPGP certificates in GnuTLS is considered obsolete. As such, it is not recommended to use OpenPGP certificates with GnuTLS. To address the issues found, upgrade to GnuTLS 3.3.26, 3.5.8 or later versions. |
GNUTLS-SA-2017-03-24 | CVE-2017-5334 | Severity High; memory corruption | It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificate with the Proxy Certificate Information extension present could lead to a double free. This issue was fixed in GnuTLS 3.3.26 and 3.5.8. Recommendation: Upgrade to GnuTLS 3.3.26, 3.5.8 or later versions. |
GNUTLS-SA-2015-02-09 | CVE-2015-3308 | Severity High; memory corruption | Robert Święcki reported that decoding a specially crafted certificate with a certain CRL distribution points format can lead to a double free. This issue was fixed in GnuTLS 3.3.14. Recommendation: Upgrade to GnuTLS 3.3.14 or later versions. |
GNUTLS-SA-2014-06-03 | CVE-2014-0092 | Severity High; certificate verification issue | A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Who is affected by this attack? How are past sessions affected? How to mitigate the attack? |
GNUTLS-SA-2009-08-12 | CVE-2009-2730 | Severity High; false positive in certificate hostname validation | Announcement of v2.8.3 that solves the problem. Analysis of the vulnerability and minimal patch. How to check if your GnuTLS library is vulnerable. Back-ported patches for earlier releases: [1] [2]. Recommendation: Upgrade to GnuTLS 2.8.3 or later. |
GNUTLS-SA-2008-08-08 | CVE-2008-2377 | Severity High; Denial of service on client side | Announcement. Detailed analysis and patch. Another report that suggests it can be exploited by hostile servers. Recommendation: Upgrade to GnuTLS 2.4.1 or apply the patch. |
GNUTLS-SA-2008-05-21 | CERT-FI announcement; CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 | Severity High; Memory corruption | Announcement and patch. Updated announcement and patch. Recommendation: Upgrade to GnuTLS 2.2.5 or apply the patch in the second link. |
GNUTLS-SA-2006-02-06 | CVE-2006-0645 | Severity High; Memory corruption | Libtasn1 announcement. Recommendation: Upgrade to Libtasn1 0.2.18 and GnuTLS 1.2.10 (stable) or 1.3.4 (experimental). |
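As an added example (not part of the GnuTLS project or of this page's own tooling), the following Python script compares a GnuTLS version string against the affected and fixed versions stated in the table above and lists the advisories that apply. It assumes `gnutls-cli` is in PATH for the live check, and reads advisories that state no affected range as affecting every release older than the fix.

```python
import re
import subprocess

# Copied from the table on this page: (advisory, first affected or None, fixes).
# Advisories without an explicit affected range are read conservatively.
ADVISORIES = [
    ("GNUTLS-SA-2024-01-23", None, ["3.8.4"]),   # CVE-2024-28835
    ("GNUTLS-SA-2024-01-14", None, ["3.8.3"]),   # CVE-2024-0553
    ("GNUTLS-SA-2024-01-09", "3.7.0", ["3.8.3"]),  # CVE-2024-0567
    ("GNUTLS-SA-2023-12-04", None, ["3.8.4"]),   # CVE-2024-28834
    ("GNUTLS-SA-2023-10-23", None, ["3.8.2"]),   # CVE-2023-5981
    ("GNUTLS-SA-2022-07-07", "3.6.0", ["3.7.7"]),  # CVE-2022-2509
    ("GNUTLS-SA-2022-01-17", "3.7.0", ["3.7.3"]),  # no CVE assigned
    ("GNUTLS-SA-2021-03-10", None, ["3.7.1"]),   # CVE-2021-20231/20232
    ("GNUTLS-SA-2020-09-04", None, ["3.6.15"]),  # CVE-2020-24659
    ("GNUTLS-SA-2020-07-14", None, ["3.8.0"]),   # CVE-2023-0361
    ("GNUTLS-SA-2017-06-16", None, ["3.5.13"]),  # CVE-2017-7507
    ("GNUTLS-SA-2017-03-25", None, ["3.3.26", "3.5.8"]),  # CVE-2017-5335..5337
    ("GNUTLS-SA-2017-03-24", None, ["3.3.26", "3.5.8"]),  # CVE-2017-5334
]

def parse_version(text):
    """Extract the first x.y.z version from text such as 'gnutls-cli 3.8.4'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def is_fixed(version, fixed_releases):
    """Fixed if on a fixed x.y branch at or above that fix, or on a branch newer
    than the last fixed one; 3.4.x for a 3.3.26/3.5.8 fix stays affected."""
    fixed = sorted(parse_version(r) for r in fixed_releases)
    for f in fixed:
        if version[:2] == f[:2]:
            return version >= f
    return version > fixed[-1]

def applicable_advisories(version_text):
    """Advisory ids from the table that apply to the given GnuTLS version."""
    v = parse_version(version_text)
    return [adv for adv, first, fixes in ADVISORIES
            if not (first and v < parse_version(first))
            and not is_fixed(v, fixes)]

def installed_version():
    """First line of `gnutls-cli --version` (assumes gnutls-cli is in PATH)."""
    out = subprocess.run(["gnutls-cli", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.splitlines()[0]
```

Distribution packages often backport fixes without changing the version number, so a reported hit means "check your distribution's advisory for this id", not "confirmed vulnerable"; call `applicable_advisories(installed_version())` to run the check against the local library.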