Vulnerabilities related to gnu - gnutls
Vulnerability from fkie_nvd
Published
2020-01-27 16:15
Modified
2024-11-21 02:22
Summary
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5C552DB-2FAA-4FFF-8F2D-7939555F85A3",
                     versionEndExcluding: "3.3.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.",
      },
      {
         lang: "es",
         value: "GnuTLS versiones anteriores a 3.3.13, no comprueba que los algoritmos de firma coincidan cuando se importa un certificado.",
      },
   ],
   id: "CVE-2015-0294",
   lastModified: "2024-11-21T02:22:45.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-27T16:15:10.953",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2015/dsa-3191",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2015/dsa-3191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:37
Summary
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7F5A2FE-408A-4E36-BC95-40E502C06682",
                     versionEndExcluding: "3.7.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84574629-EB00-4235-8962-45070F3C9F6A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. Este fallo conlleva a una denegación de servicio tras la autenticación en raras circunstancias.",
      },
   ],
   id: "CVE-2021-4209",
   lastModified: "2024-11-21T06:37:09.190",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-24T16:15:09.927",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-4209",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1306",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220915-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-4209",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1306",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220915-0005/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-03-07 00:10
Modified
2024-11-21 02:01
Severity ?
Summary
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
References
secalert@redhat.com http://gnutls.org/security.html#GNUTLS-SA-2014-2
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0246.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0247.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0288.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0339.html
secalert@redhat.com http://secunia.com/advisories/56933 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/57103
secalert@redhat.com http://secunia.com/advisories/57204 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/57254
secalert@redhat.com http://secunia.com/advisories/57260
secalert@redhat.com http://secunia.com/advisories/57274
secalert@redhat.com http://secunia.com/advisories/57321
secalert@redhat.com http://www.debian.org/security/2014/dsa-2869
secalert@redhat.com http://www.securityfocus.com/bid/65919
secalert@redhat.com http://www.ubuntu.com/usn/USN-2127-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1069865
af854a3a-2127-422b-91ae-364da2661108 http://gnutls.org/security.html#GNUTLS-SA-2014-2
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0246.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0247.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0288.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0339.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56933 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57103
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57204 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57254
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57274
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57321
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2014/dsa-2869
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/65919
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2127-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1069865
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.6
gnu gnutls 3.2.7
gnu gnutls 3.2.8
gnu gnutls 3.2.8.1
gnu gnutls 3.2.9
gnu gnutls 3.2.10
gnu gnutls *
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
gnu gnutls 3.1.16
gnu gnutls 3.1.17
gnu gnutls 3.1.18
gnu gnutls 3.1.19
gnu gnutls 3.1.20



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "846AD6A8-6057-4F88-A82B-38BA2B93E5E8",
                     versionEndIncluding: "3.2.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "567E66B1-53D9-4A80-A938-2FE5C7CEB985",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA2186BE-288F-40FD-B634-76D14578E252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "773043EA-8C41-4F42-9702-660FD6822FD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E05061-D666-492E-AF2B-CF30FC2FA759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "68DF059C-4C1D-4B9C-993E-1C4D3510471C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E9A21B6-4A22-4801-8023-45F39EC02576",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF76A6E5-DED3-46A0-877C-B4886E7743EF",
                     versionEndIncluding: "3.1.21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "0142E0D7-85DD-413B-B176-2FB5E12C2FE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "780D6C0C-2B20-425E-B15E-EE1AF9F28B31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC2D3896-E095-4889-A9D1-6D8EB2882D64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "425F7D5B-EE8A-46EC-B986-414FB90702C6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",
      },
      {
         lang: "es",
         value: "lib/x509/verify.c en GnuTLS anterior a 3.1.22 y 3.2.x anterior a 3.2.12 no maneja debidamente errores no especificados cuando verifica certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado.",
      },
   ],
   id: "CVE-2014-0092",
   lastModified: "2024-11-21T02:01:20.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-03-07T00:10:53.573",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0246.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0288.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/56933",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57103",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/57204",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57254",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57321",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2014/dsa-2869",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/65919",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2127-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0246.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0288.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/56933",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57103",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/57204",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57254",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57321",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-2869",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65919",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2127-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-03-07 00:10
Modified
2024-11-21 02:05
Severity ?
Summary
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.
Impacted products
Vendor Product Version
gnu gnutls * (up to and including 3.1.20)
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
gnu gnutls 3.1.16
gnu gnutls 3.1.17
gnu gnutls 3.1.18
gnu gnutls 3.1.19
gnu gnutls * (up to and including 3.2.10)
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.6
gnu gnutls 3.2.7
gnu gnutls 3.2.8
gnu gnutls 3.2.8.1
gnu gnutls 3.2.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEE872CF-664D-4DD8-89DF-92A8A56B6CC8",
                     versionEndIncluding: "3.1.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "0142E0D7-85DD-413B-B176-2FB5E12C2FE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "780D6C0C-2B20-425E-B15E-EE1AF9F28B31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC2D3896-E095-4889-A9D1-6D8EB2882D64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56EE0AAB-C99F-4FB3-8DBA-D58B47BD19DD",
                     versionEndIncluding: "3.2.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "567E66B1-53D9-4A80-A938-2FE5C7CEB985",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA2186BE-288F-40FD-B634-76D14578E252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "773043EA-8C41-4F42-9702-660FD6822FD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E05061-D666-492E-AF2B-CF30FC2FA759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "68DF059C-4C1D-4B9C-993E-1C4D3510471C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",
      },
      {
         lang: "es",
         value: "lib/x509/verify.c en GnuTLS anterior a 3.1.21 y 3.2.x anterior a 3.2.11 trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos.",
      },
   ],
   id: "CVE-2014-1959",
   lastModified: "2024-11-21T02:05:21.197",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-03-07T00:10:57.620",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/oss-sec/2014/q1/344",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/oss-sec/2014/q1/345",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2014/dsa-2866",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/65559",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2121-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2014/q1/344",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2014/q1/345",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-2866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65559",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2121-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-05-24 19:30
Modified
2024-11-21 00:24
Severity ?
Summary
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
Impacted products
Vendor Product Version
gnu gnutls * (up to and including 1.4.1)
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABCDA0A7-FF39-42BC-977D-52EDDBF7B473",
                     versionEndIncluding: "1.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.",
      },
      {
         lang: "es",
         value: "La función _gnutls_x509_oid2mac_algorithm en lib/gnutls_algorithms.c de GnuTLS anterior a v1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un certificado X.509 manipulado que utiliza un algoritmo hash no soportado por GnuTLS, lo que provoca una desreferencia de puntero nulo.",
      },
   ],
   id: "CVE-2006-7239",
   lastModified: "2024-11-21T00:24:42.683",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-05-24T19:30:01.270",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-04-01 15:29
Modified
2024-11-21 04:42
Summary
GnuTLS 3.6.3 and later, before the upstream fix in version 3.6.7, contains an uninitialized pointer access that can be triggered by certain post-handshake messages.
References
secalert@redhat.com — http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html — Mailing List, Third Party Advisory
secalert@redhat.com — https://access.redhat.com/errata/RHSA-2019:3600
secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836 — Issue Tracking, Third Party Advisory
secalert@redhat.com — https://gitlab.com/gnutls/gnutls/issues/704 — Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/
secalert@redhat.com — https://security.gentoo.org/glsa/201904-14 — Third Party Advisory
secalert@redhat.com — https://security.netapp.com/advisory/ntap-20190502-0005/ — Third Party Advisory
secalert@redhat.com — https://usn.ubuntu.com/3999-1/
af854a3a-2127-422b-91ae-364da2661108 — http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2019:3600
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836 — Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://gitlab.com/gnutls/gnutls/issues/704 — Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/
af854a3a-2127-422b-91ae-364da2661108 — https://security.gentoo.org/glsa/201904-14 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://security.netapp.com/advisory/ntap-20190502-0005/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://usn.ubuntu.com/3999-1/
Impacted products
Vendor Product Version
gnu gnutls * (from 3.6.3 up to, but excluding, 3.6.7)
fedoraproject fedora 28
opensuse leap 15.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE69D892-FC7F-4CBC-ADCD-1A45B18B6827",
                     versionEndExcluding: "3.6.7",
                     versionStartIncluding: "3.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.",
      },
      {
         lang: "es",
         value: "Se descubrió en gnutls, antes de la versión 3.6.7 upstream, que hay un acceso de puntero no inicializado en gnutls, en versiones 3.6.4 o posteriores, que puede desencadenarse por determinados mensajes \"post-handshake\".",
      },
   ],
   id: "CVE-2019-3836",
   lastModified: "2024-11-21T04:42:39.360",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-04-01T15:29:01.060",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2019:3600",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/issues/704",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201904-14",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190502-0005/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://usn.ubuntu.com/3999-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:3600",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/issues/704",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201904-14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190502-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/3999-1/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-456",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-824",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-06-16 21:00
Modified
2024-11-21 01:02
Severity ?
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
Impacted products
Vendor Product Version
mutt mutt 1.5.19
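openssl openssl * (linked-library condition; marked vulnerable: false in the configuration below)
gnu gnutls * (linked-library condition; marked vulnerable: false in the configuration below)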



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mutt:mutt:1.5.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "89C33B31-B9BC-4E43-8221-219380B4B682",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDA1CA86-1405-4C25-9BC2-5A5E6A76B911",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2745A1E0-C586-4686-A5AC-C82ABE726D5C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.",
      },
      {
         lang: "es",
         value: "Mutt v1.5.19, enlazado contra (1) OpenSSL (mutt_ssl.c) o (2) GnuTLS (mutt_ssl_gnutls.c), permite conexiones cuando se acepta un solo certificado TLS de la cadena en vez de verificar la cadena completa, lo que permite a atacantes remotos suplantar servidores de confianza a través de un ataque de hombre en el medio (man-in-the-middle).",
      },
   ],
   id: "CVE-2009-1390",
   lastModified: "2024-11-21T01:02:22.150",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-06-16T21:00:00.343",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/06/10/2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35288",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/06/10/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/35288",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5.  Only mutt version 1.5.19 was affected by this flaw.",
         lastModified: "2009-06-17T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-08-08 19:41
Modified
2024-11-21 00:46
Severity ?
Summary
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
Impacted products
Vendor Product Version
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de uso después de liberación en la función _gnutls_handshake_hash_buffers_clear de lib/gnutls_handshake.c en libgnutls de GnuTLS 2.3.5 hasta 2.4.0 permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código de su elección a través de la transmisión TLS de datos que se usan de forma inapropiada cuando el par llama a gnutls_handshake dentro de una sesión normal, lo que conduce a un intento de acceso a un manejador de libgcrypt ya liberado.",
      },
   ],
   id: "CVE-2008-2377",
   lastModified: "2024-11-21T00:46:44.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.6,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-08-08T19:41:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/31505",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/30713",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/2398",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486",
      },
      {
         source: "secalert@redhat.com",
         url: "https://issues.rpath.com/browse/RPL-2650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/31505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/30713",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/2398",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-2650",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, or 5.",
         lastModified: "2008-08-11T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2024-11-21 03:27
Severity ?
Summary
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
References
security@debian.org — http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html — Third Party Advisory
security@debian.org — http://rhn.redhat.com/errata/RHSA-2017-0574.html
security@debian.org — http://www.openwall.com/lists/oss-security/2017/01/10/7 — Mailing List, Patch, Third Party Advisory
security@debian.org — http://www.openwall.com/lists/oss-security/2017/01/11/4 — Mailing List, Patch, Third Party Advisory
security@debian.org — http://www.securityfocus.com/bid/95372 — Third Party Advisory, VDB Entry
security@debian.org — http://www.securitytracker.com/id/1037576 — Third Party Advisory, VDB Entry
security@debian.org — https://access.redhat.com/errata/RHSA-2017:2292
security@debian.org — https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 — Issue Tracking, Patch, Third Party Advisory
security@debian.org — https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 — Issue Tracking, Patch, Third Party Advisory
security@debian.org — https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a — Issue Tracking, Patch, Third Party Advisory
security@debian.org — https://gnutls.org/security.html#GNUTLS-SA-2017-2 — Vendor Advisory
security@debian.org — https://security.gentoo.org/glsa/201702-04 — Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://rhn.redhat.com/errata/RHSA-2017-0574.html
af854a3a-2127-422b-91ae-364da2661108 — http://www.openwall.com/lists/oss-security/2017/01/10/7 — Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.openwall.com/lists/oss-security/2017/01/11/4 — Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/95372 — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — http://www.securitytracker.com/id/1037576 — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2017:2292
af854a3a-2127-422b-91ae-364da2661108 — https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 — Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 — Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a — Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://gnutls.org/security.html#GNUTLS-SA-2017-2 — Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://security.gentoo.org/glsa/201702-04 — Patch, Third Party Advisory, Vendor Advisory
Impacted products
Vendor Product Version
opensuse leap 42.1
opensuse leap 42.2
gnu gnutls * (up to and including 3.3.25)
gnu gnutls 3.5.0
gnu gnutls 3.5.1
gnu gnutls 3.5.2
gnu gnutls 3.5.3
gnu gnutls 3.5.4
gnu gnutls 3.5.5
gnu gnutls 3.5.6
gnu gnutls 3.5.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCB1A63-F2CF-474F-AAF6-CE225C58B765",
                     versionEndIncluding: "3.3.25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434168D-05A8-4300-9069-C55566A5EAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "71805931-872A-4F1A-A8B4-82347C2EF90E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1A489C2-4824-4133-83E0-625AA454E959",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D38B82-82A7-4943-BE1C-77EC707289D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "850A1174-F1E7-47EA-AF71-FEB6C4379EDC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
      },
      {
         lang: "es",
         value: "Múltiples desbordamientos de búfer basados en memoria dinámica en la función read_attribute en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a los atacantes remotos tener un impacto no especificado a través de un certificado OpenPGP manipulado.",
      },
   ],
   id: "CVE-2017-5337",
   lastModified: "2024-11-21T03:27:25.057",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-24T15:59:00.920",
   references: [
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "security@debian.org",
         url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95372",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "security@debian.org",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a",
      },
      {
         source: "security@debian.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
      },
      {
         source: "security@debian.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95372",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
   ],
   sourceIdentifier: "security@debian.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-13 21:32
Modified
2024-11-21 02:19
Severity
MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, per the record below)
Summary
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
Impacted products
Vendor Product Version
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14
gnu gnutls 3.0.15
gnu gnutls 3.0.16
gnu gnutls 3.0.17
gnu gnutls 3.0.18
gnu gnutls 3.0.19
gnu gnutls 3.0.20
gnu gnutls 3.0.21
gnu gnutls 3.0.22
gnu gnutls 3.0.23
gnu gnutls 3.0.24
gnu gnutls 3.0.25
gnu gnutls 3.0.26
gnu gnutls 3.0.27
gnu gnutls 3.0.28
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
gnu gnutls 3.1.16
gnu gnutls 3.1.17
gnu gnutls 3.1.18
gnu gnutls 3.1.19
gnu gnutls 3.1.20
gnu gnutls 3.1.21
gnu gnutls 3.1.22
gnu gnutls 3.1.23
gnu gnutls 3.1.24
gnu gnutls 3.1.25
gnu gnutls 3.1.26
gnu gnutls 3.1.27
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.6
gnu gnutls 3.2.7
gnu gnutls 3.2.8
gnu gnutls 3.2.8.1
gnu gnutls 3.2.9
gnu gnutls 3.2.10
gnu gnutls 3.2.11
gnu gnutls 3.2.12
gnu gnutls 3.2.12.1
gnu gnutls 3.2.13
gnu gnutls 3.2.14
gnu gnutls 3.2.15
gnu gnutls 3.2.16
gnu gnutls 3.2.17
gnu gnutls 3.2.18
gnu gnutls 3.2.19
gnu gnutls 3.3.0
gnu gnutls 3.3.0
gnu gnutls 3.3.1
gnu gnutls 3.3.2
gnu gnutls 3.3.3
gnu gnutls 3.3.4
gnu gnutls 3.3.5
gnu gnutls 3.3.6
gnu gnutls 3.3.7
gnu gnutls 3.3.8
gnu gnutls 3.3.9
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
opensuse opensuse 12.3
opensuse opensuse 13.1
opensuse opensuse 13.2
canonical ubuntu_linux 14.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "022F28CD-4D6B-48AB-8E39-244E19D34F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "16B5986E-1029-4D40-8012-1FF1615C929A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "45439989-0D3B-4DCE-AB35-B63B1543CD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "14624E40-3CAA-45E5-BDF2-F08706FC68BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "E743ABC3-6F24-43E1-98E5-6F60BE975212",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDA000C-A616-402B-B964-D5F4ADB6B550",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "62789464-0074-4009-B97B-665A21E0CC25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "95A77487-3ABD-40F5-9C98-49A65ED7F16D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "3911F202-5E7B-4DE3-90D9-07278923036B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B6CF-3434-4874-9324-87D045511A13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*",
                     matchCriteriaId: "D97EAF12-679B-4494-871F-0074ABD0E20B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "70F58963-0C56-4228-B9DC-1EA54DA8070D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "0142E0D7-85DD-413B-B176-2FB5E12C2FE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "780D6C0C-2B20-425E-B15E-EE1AF9F28B31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC2D3896-E095-4889-A9D1-6D8EB2882D64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "425F7D5B-EE8A-46EC-B986-414FB90702C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BC83E92-882B-4984-80FC-FAB7F5CD52E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFAAACF-FD4A-4B1C-A35A-E11189DE2F85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62B585C-2FC8-448F-97E7-CAC59548B03A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "07815863-DBCF-41E9-A459-9CE57B74E489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "F826F2B5-F00A-44FE-9229-B4597017DE9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4E4F6F8-80F3-433D-B702-9DEF6D375A64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.27:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BE75031-0B8B-44A7-B541-F395BE7AF473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "567E66B1-53D9-4A80-A938-2FE5C7CEB985",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA2186BE-288F-40FD-B634-76D14578E252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "773043EA-8C41-4F42-9702-660FD6822FD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E05061-D666-492E-AF2B-CF30FC2FA759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "68DF059C-4C1D-4B9C-993E-1C4D3510471C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E9A21B6-4A22-4801-8023-45F39EC02576",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA5F76C-3524-4E80-985F-FC74DD20B5E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB890F0-3126-4FDD-8162-AC28754D3D05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAA298-D755-4668-A568-439532DF7A0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "13B53422-C666-4140-BF8A-EEDB8AC95A70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6B1861D-61C3-469E-B37F-B76758626BCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "07517D8A-C31B-4F4E-87A0-3239F88015DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "1736E9EB-AC26-44D7-99EB-99CC1F596CB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94E55DE-7CCB-4C91-BBB3-9D11FF5F9440",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "E03D0521-C985-4A2C-A848-43BE614F9113",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AFBDD69-430C-4312-8B28-4A51FB4BC8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "BE31FE31-3F85-41F3-9DCB-58A090E63DEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*",
                     matchCriteriaId: "18A0842D-2CAC-4372-80D0-68BCCC28C7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A91948CE-E418-4450-AB62-9078D3A0FBEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D34267DC-A768-4A0F-BB54-74314B70E4F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "160B3AD7-37A3-4A01-B1CD-83E6500E145A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE61F19-A2C3-4FE9-9C5A-D1FB949B6CEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EDFE7E2-12FC-4819-8615-F76A312E8BEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4993D25F-607B-4486-B9EC-566A1EEBE73B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FEF4D26-DD0C-4E67-8901-8B38A51C1FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "49CE4BAE-77EC-469D-9FE2-A807B7E2EC64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "7921C926-450B-4EFF-B610-B8B8FD17AE1A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.",
      },
      {
         lang: "es",
         value: "La función _gnutls_ecc_ansi_x963_export en gnutls_ecc.c en GnuTLS 3.x anterior a 3.1.28, 3.2.x anterior a 3.2.20, y 3.3.x anterior a 3.3.10 permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) a través de (1) un certificado de criptografía de curva elíptica (ECC) o (2) solicitudes de firma de certificado (CSR) manipulados, relacionado con la generación de key IDs.",
      },
   ],
   id: "CVE-2014-8564",
   lastModified: "2024-11-21T02:19:20.943",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-13T21:32:13.427",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1846.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/59991",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/62284",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/62294",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-2403-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161443",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1846.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59991",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62284",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-2403-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161443",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2024-11-21 01:02
Summary
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
References
cve@mitre.org http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515 Broken Link, Patch
cve@mitre.org http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502 Broken Link
cve@mitre.org http://secunia.com/advisories/34842 Broken Link, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/35211 Broken Link
cve@mitre.org http://security.gentoo.org/glsa/glsa-200905-04.xml Third Party Advisory
cve@mitre.org http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488 Broken Link, Exploit
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 Broken Link
cve@mitre.org http://www.securityfocus.com/bid/34783 Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org http://www.securitytracker.com/id?1022157 Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2009/1218 Broken Link
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/50257 Third Party Advisory, VDB Entry
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/50260 Not Applicable
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/50445 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515 Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108 http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34842 Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35211 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200905-04.xml Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488 Broken Link, Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/34783 Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022157 Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/1218 Broken Link
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/50257 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/50260 Not Applicable
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/50445 Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
gnu gnutls *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CC336AC-F306-4643-91E0-BA1D4B07DC10",
                     versionEndExcluding: "2.6.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.",
      },
      {
         lang: "es",
         value: "lib/pk-libgcrypt.c en libgnutls en GnuTLS anterior a v2.6.6 no maneja correctamente las firmas DSA inválidas, lo cual permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente tener otro impacto no especificado a través de una clave DSA malformada que desencadena (1) la liberación de un puntero no inicializado o (2) una doble liberación.",
      },
   ],
   id: "CVE-2009-1415",
   lastModified: "2024-11-21T01:02:24.363",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-04-30T20:30:00.563",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34842",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/35211",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Exploit",
         ],
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/34783",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022157",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2009/1218",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Not Applicable",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/35211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
         ],
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/34783",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2009/1218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.",
         lastModified: "2009-09-21T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-824",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Summary
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
Impacted products
Vendor Product Version
gnu gnutls 1.0.16



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.",
      },
   ],
   id: "CVE-2004-2531",
   lastModified: "2024-11-20T23:53:35.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12156",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://securitytracker.com/id?1010838",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.hornik.sk/SA/SA-20040802.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/8278",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/10839",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12156",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://securitytracker.com/id?1010838",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.hornik.sk/SA/SA-20040802.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/8278",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/10839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-27 18:29
Modified
2024-11-21 04:42
Summary
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
secalert@redhat.com https://access.redhat.com/errata/RHSA-2019:3600
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829 Issue Tracking, Third Party Advisory
secalert@redhat.com https://gitlab.com/gnutls/gnutls/issues/694 Exploit, Patch, Third Party Advisory
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/
secalert@redhat.com https://security.gentoo.org/glsa/201904-14
secalert@redhat.com https://security.netapp.com/advisory/ntap-20190619-0004/
secalert@redhat.com https://usn.ubuntu.com/3999-1/
secalert@redhat.com https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:3600
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829 Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://gitlab.com/gnutls/gnutls/issues/694 Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201904-14
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20190619-0004/
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/3999-1/
af854a3a-2127-422b-91ae-364da2661108 https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 Exploit, Patch, Vendor Advisory
Impacted products
Vendor Product Version
gnu gnutls *
fedoraproject fedora -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "521F9E87-9015-43E4-A036-B7E26B96E06B",
                     versionEndExcluding: "3.6.7",
                     versionStartIncluding: "3.5.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3FEADDA-2AEE-4F65-9401-971B585664A8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.",
      },
      {
         lang: "es",
         value: "Se ha descubierto una vulnerabilidad en gnutls, desde la versión 3.5.8 hasta antes de la 3.6.7. Hay una vulnerabilidad de corrupción de memoria (doble liberación o \"double free\") en la API de verificación de certificados. Cualquier aplicación cliente o servidor que verifica certificados X.509 con GnuTLS en versiones 3.5.8 o posteriores se ha visto afectada.",
      },
   ],
   id: "CVE-2019-3829",
   lastModified: "2024-11-21T04:42:37.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-27T18:29:00.693",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2019:3600",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/issues/694",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201904-14",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.netapp.com/advisory/ntap-20190619-0004/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://usn.ubuntu.com/3999-1/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:3600",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/issues/694",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201904-14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20190619-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/3999-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-22 13:29
Modified
2024-11-21 03:42
Summary
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
References
secalert@redhat.com | http://www.securityfocus.com/bid/105138 | Third Party Advisory, VDB Entry
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3050 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3505 | Broken Link
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://eprint.iacr.org/2018/747 | Third Party Advisory
secalert@redhat.com | https://gitlab.com/gnutls/gnutls/merge_requests/657 | Patch, Third Party Advisory
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html | Third Party Advisory
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
secalert@redhat.com | https://usn.ubuntu.com/3999-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105138 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3050 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3505 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://eprint.iacr.org/2018/747 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/merge_requests/657 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3999-1/ | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECA0072D-DE2F-467F-9143-371A8CCB9000",
                     versionEndExcluding: "3.6.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.",
      },
      {
         lang: "es",
         value: "Se ha detectado que la implementación GnuTLS de HMAC-SHA-384 era vulnerable a un ataque de estilo Lucky Thirteen. Los atacantes remotos podrían utilizar este fallo para realizar ataques de distinción y de recuperación en texto plano mediante análisis estadísticos de datos temporales mediante paquetes manipulados.",
      },
   ],
   id: "CVE-2018-10845",
   lastModified: "2024-11-21T03:42:07.753",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-22T13:29:00.440",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105138",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3050",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3505",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://eprint.iacr.org/2018/747",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3999-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105138",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://eprint.iacr.org/2018/747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3999-1/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-385",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-07-30 19:30
Modified
2024-11-21 01:04
Severity ?
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
secalert@redhat.com | http://java.sun.com/j2se/1.5.0/ReleaseNotes.html | Patch
secalert@redhat.com | http://java.sun.com/javase/6/webnotes/6u17.html
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/36139 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/36157 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/36434 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/36669
secalert@redhat.com | http://secunia.com/advisories/36739 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/37386 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/42467 | Vendor Advisory
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200911-02.xml
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200912-01.xml
secalert@redhat.com | http://support.apple.com/kb/HT3937
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1874
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:258
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1207.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1432.html
secalert@redhat.com | http://www.securityfocus.com/archive/1/515055/100/0/threaded
secalert@redhat.com | http://www.securitytracker.com/id?1022631
secalert@redhat.com | http://www.ubuntu.com/usn/usn-810-1
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2010-0019.html
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2085 | Vendor Advisory
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3184 | Vendor Advisory
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/3126 | Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409
secalert@redhat.com | https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
secalert@redhat.com | https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2010-0095.html
secalert@redhat.com | https://usn.ubuntu.com/810-2/
secalert@redhat.com | https://www.debian.org/security/2009/dsa-1888
af854a3a-2127-422b-91ae-364da2661108 | http://java.sun.com/j2se/1.5.0/ReleaseNotes.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://java.sun.com/javase/6/webnotes/6u17.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36139 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36157 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36434 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36669
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36739 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37386 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42467 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200912-01.xml
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3937
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1874
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:258
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1207.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1432.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/515055/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022631
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-810-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0019.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2085 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3184 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3126 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409
af854a3a-2127-422b-91ae-364da2661108 | https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
af854a3a-2127-422b-91ae-364da2661108 | https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/810-2/
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2009/dsa-1888
Impacted products
Vendor Product Version
mozilla firefox *
mozilla firefox *
mozilla nss *
mozilla nss 3.0
mozilla nss 3.2
mozilla nss 3.2.1
mozilla nss 3.3
mozilla nss 3.3.1
mozilla nss 3.3.2
mozilla nss 3.4
mozilla nss 3.4.1
mozilla nss 3.4.2
mozilla nss 3.4.3
mozilla nss 3.5
mozilla nss 3.6
mozilla nss 3.6.1
mozilla nss 3.7
mozilla nss 3.7.1
mozilla nss 3.7.2
mozilla nss 3.7.3
mozilla nss 3.7.5
mozilla nss 3.7.7
mozilla nss 3.8
mozilla nss 3.9
mozilla nss 3.9.5
mozilla nss 3.10
mozilla nss 3.11.2
mozilla nss 3.11.4
mozilla nss 3.11.7
mozilla nss 3.11.8
mozilla nss 3.12
mozilla nss 3.12.1
openssl openssl 0.9.8
openssl openssl 0.9.8a
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
gnu gnutls *
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.7.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD8D62AB-8BC8-4A00-ACDA-5D224C043129",
                     versionEndIncluding: "3.12.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DDA50B0-D3D2-456D-B48A-BD5EE72B8E7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C15CFFC-5D0F-4BBB-9428-06B475274235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "141015B2-BE49-4EE8-ABE8-E8D18DA2C9E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "91423E7A-6AD0-4203-A779-E4495E889310",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FC8DF55-463F-4002-A227-05E51545EBE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A41F970E-8918-4A30-B3E2-BDEF85FFF372",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44BF206-EBE6-4FC6-97E8-6C2C994612AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B8DEE0E-354F-4C7A-8AE1-0F21E91829A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE0E4EB6-8389-47B8-839F-1B8D4E781A13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C4F2FFC-CAE0-480D-8FCE-E7A8923ED452",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "04657D90-D5E4-4EFA-9016-1459815C0393",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "74A235D9-DA84-4448-B4AB-0D2BD809B3B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CCA94E0-F5CF-4873-AD4B-ADA82967A5F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DAF7717-A813-411A-A18A-2524EB63C949",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57B8CAE7-D938-4CF4-BB75-C039CACA0968",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B48D1426-B803-4E55-996D-E397CE6A5FAE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C893C67-6E8F-4C37-9DC3-52BA2D4C441C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "24304AE2-ECA2-4255-B0F3-245CDBE630C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4145734-9500-4818-BA42-22691386571F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9CB9668-2D0D-4101-B895-9A792402EC4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3CB1AC-EC26-4AC3-84F9-0A6D4B54B634",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B25E1B37-9809-4855-BE37-358F25DE6FD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9ED04A6-49B8-42DC-BF0F-868CD60473F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5D38075-BD60-4D44-99FA-3756A735BD7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.11.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "64487A7D-770E-4F71-9DCD-50336F681B7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.11.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF9A0BAB-3B27-4E54-8881-F56FC3630EA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.11.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A79CFF5-B1D6-4B2F-9327-B6C451C47EA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "542A1310-8470-4780-8AD5-C72721BA298C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:3.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ACB2CAD-4C94-44B8-B61B-97CF7DA5DB26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF4EA988-FC80-4170-8933-7C6663731981",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                     matchCriteriaId: "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                     matchCriteriaId: "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                     matchCriteriaId: "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BB38AEA-BAF0-4920-9A71-747C24444770",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F33EA2B-DE15-4695-A383-7A337AC38908",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                     matchCriteriaId: "261EE631-AB43-44FE-B02A-DFAAB8D35927",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95002BAD-9C8A-4DCE-A900-7948F2FC9BCF",
                     versionEndIncluding: "2.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large.",
      },
      {
         lang: "es",
         value: "La librería Network Security Services (NSS) en versiones anteriores a 3.12.3, como se utiliza en Firefox; GnuTLS en versiones anteriores a 2.6.4 y 2.7.4; OpenSSL 0.9.8 hasta la versión 0.9.8k; y otros productos soportan MD2 con certificados X.509, lo que podría permitir a atacantes remotos falsificar certificados usando defectos de diseño de MD2 para generar una colisión de hash en menos tiempo que con fuerza bruta. NOTA: el alcance de este problema está actualmente limitado porque la cantidad de computación requerida es todavía grande.",
      },
   ],
   id: "CVE-2009-2409",
   lastModified: "2024-11-21T01:04:48.300",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-07-30T19:30:00.343",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://java.sun.com/javase/6/webnotes/6u17.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36139",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36157",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36434",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/36669",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36739",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/37386",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/42467",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200911-02.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://support.apple.com/kb/HT3937",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2009/dsa-1874",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2009-1207.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2009-1432.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1022631",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-810-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2085",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3184",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3126",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594",
      },
      {
         source: "secalert@redhat.com",
         url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://usn.ubuntu.com/810-2/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.debian.org/security/2009/dsa-1888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://java.sun.com/javase/6/webnotes/6u17.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36139",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36157",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36434",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36669",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36739",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/37386",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/42467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200911-02.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.apple.com/kb/HT3937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2009/dsa-1874",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2009-1207.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2009-1432.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022631",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-810-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2085",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3184",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3126",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/810-2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2009/dsa-1888",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-03 14:29
Modified
2024-11-21 03:53
Summary
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Impacted products
Vendor Product Version
gnu gnutls *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3BD288F-03CF-4D4B-ACFD-285972068291",
                     versionEndIncluding: "3.6.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un ataque de oráculo de relleno basado en canales laterales de tipo Bleichenbacher en la manera en la que gnutls maneja la verificación de los datos PKCS#1 v1.5 descifrados de un cifrado RSA. Un atacante que sea capaz de ejecutar un proceso en el mismo núcleo físico que el proceso víctima podría usarlo para extraer texto plano o, en algunos casos, degradar cualquier conexión TLS a un servidor vulnerable.",
      },
   ],
   id: "CVE-2018-16868",
   lastModified: "2024-11-21T03:53:29.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "PHYSICAL",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 0.3,
            impactScore: 4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "PHYSICAL",
               availabilityImpact: "NONE",
               baseScore: 5.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.4,
            impactScore: 4.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-03T14:29:00.333",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "http://cat.eyalro.net/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106080",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "http://cat.eyalro.net/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-03 18:55
Modified
2024-11-21 01:51
Severity ?
Summary
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0883.html
secalert@redhat.com http://secunia.com/advisories/53911 (Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/57260
secalert@redhat.com http://secunia.com/advisories/57274
secalert@redhat.com http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753
secalert@redhat.com http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754
secalert@redhat.com http://www.debian.org/security/2013/dsa-2697
secalert@redhat.com http://www.gnutls.org/security.html#GNUTLS-SA-2013-2
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:171
secalert@redhat.com http://www.securitytracker.com/id/1028603
secalert@redhat.com http://www.ubuntu.com/usn/USN-1843-1
secalert@redhat.com https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0883.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/53911 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57274
af854a3a-2127-422b-91ae-364da2661108 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753
af854a3a-2127-422b-91ae-364da2661108 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2013/dsa-2697
af854a3a-2127-422b-91ae-364da2661108 http://www.gnutls.org/security.html#GNUTLS-SA-2013-2
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2013:171
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1028603
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1843-1
af854a3a-2127-422b-91ae-364da2661108 https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
Impacted products
Vendor Product Version
gnu gnutls 2.12.23



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DA51CCE-8A44-4FAB-A29D-4A7DCDC395EF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length.  NOTE: this might be due to an incorrect fix for CVE-2013-0169.",
      },
      {
         lang: "es",
         value: "La función _gnutls_ciphertext2compressed en lib/gnutls_cipher.c en GnuTLS 2.12.23 permite a atacantes remotos provocar una denegación de servicio (sobrelectura de búfer y caída) a través de una longitud de relleno manipulada. NOTA: esto podría deberse a una corrección incorrecta del CVE-2013-0169.",
      },
   ],
   id: "CVE-2013-2116",
   lastModified: "2024-11-21T01:51:04.027",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-03T18:55:01.027",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0883.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/53911",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "secalert@redhat.com",
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753",
      },
      {
         source: "secalert@redhat.com",
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2013/dsa-2697",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id/1028603",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1843-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0883.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/53911",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2013/dsa-2697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1028603",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1843-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-11-20 14:12
Modified
2024-11-21 01:55
Severity ?
Summary
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
Impacted products
Vendor Product Version
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
opensuse opensuse 13.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "567E66B1-53D9-4A80-A938-2FE5C7CEB985",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.  NOTE: this issue is due to an incomplete fix for CVE-2013-4466.",
      },
      {
         lang: "es",
         value: "Error de superación de límite en dane_raw_tlsa en la librería DANE (libdane) de GnuTLS 3.1.x anterior a la versión 3.1.16 y 3.2.x anterior a 3.2.6 permite en servidores remotos provocar una denegación de servicio (corrupción de memoria) a través de una respuesta con más de 4 entradas DANE. NOTA: este problema se debe a una solución incompleta para CVE-2013-4466.",
      },
   ],
   id: "CVE-2013-4487",
   lastModified: "2024-11-21T01:55:40.070",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-11-20T14:12:30.447",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/10/31/4",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/10/31/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2024-11-21 00:45
Severity ?
Summary
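The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. Note that the impacted-products list for this entry also names 2.2.4, 2.2.5 and 2.3.0 through 2.3.11, which does not match "before 2.2.4"; check the installed version against the vendor advisories in the references rather than relying on that bound alone.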
References
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
secalert@redhat.com http://secunia.com/advisories/30287 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30302 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30317 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30324 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30330 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30331 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30338 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/30355
secalert@redhat.com http://secunia.com/advisories/31939
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200805-20.xml
secalert@redhat.com http://securityreason.com/securityalert/3902
secalert@redhat.com http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
secalert@redhat.com http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
secalert@redhat.com http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html Exploit
secalert@redhat.com http://www.debian.org/security/2008/dsa-1581
secalert@redhat.com http://www.kb.cert.org/vuls/id/252626 US Government Resource
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/1
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/2
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/3
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2008-0489.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2008-0492.html
secalert@redhat.com http://www.securityfocus.com/archive/1/492282/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/archive/1/492464/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/29292 Patch
secalert@redhat.com http://www.securitytracker.com/id?1020058
secalert@redhat.com http://www.ubuntu.com/usn/usn-613-1
secalert@redhat.com http://www.vupen.com/english/advisories/2008/1582/references
secalert@redhat.com http://www.vupen.com/english/advisories/2008/1583/references
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/42530
secalert@redhat.com https://issues.rpath.com/browse/RPL-2552
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30287 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30302 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30317 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30324 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30330 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30331 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30338 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30355
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31939
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200805-20.xml
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/3902
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
af854a3a-2127-422b-91ae-364da2661108 http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1581
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/252626 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/1
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/2
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/3
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0489.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0492.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/492282/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/492464/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/29292 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1020058
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-613-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1582/references
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1583/references
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/42530
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-2552
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
Impacted products
Vendor Product Version
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.",
      },
      {
         lang: "es",
         value: "La función _gnutls_recv_client_kx_message en lib/gnutls_kx.c de libgnutls en gnutls-serv de GnuTLS versiones anteriores a la 2.2.4 continúa procesando los mensajes Client Hello dentro de un mensaje TLS después de que uno ya haya sido procesado, lo cual permite a atacantes remotos provocar una denegación de servicio (desreferencia de NULL y caída) a través de un mensaje TLS que contiene múltiples mensajes Client Hello, también conocida como GNUTLS-SA-2008-1-2.",
      },
   ],
   id: "CVE-2008-1949",
   lastModified: "2024-11-21T00:45:44.173",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-21T13:24:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30287",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30302",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30317",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30324",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30330",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30331",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30338",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30355",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/31939",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securityreason.com/securityalert/3902",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
      },
      {
         source: "secalert@redhat.com",
         url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2008/dsa-1581",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/252626",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/29292",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1020058",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-613-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/1582/references",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/1583/references",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530",
      },
      {
         source: "secalert@redhat.com",
         url: "https://issues.rpath.com/browse/RPL-2552",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30324",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30330",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30338",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/31939",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/3902",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2008/dsa-1581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/252626",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/29292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-613-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1582/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1583/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-2552",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-05 20:55
Modified
2024-11-21 02:08
Summary
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
References
secalert@redhat.com | http://advisories.mageia.org/MGASA-2014-0247.html | Third Party Advisory
secalert@redhat.com | http://linux.oracle.com/errata/ELSA-2014-0594.html | Third Party Advisory
secalert@redhat.com | http://linux.oracle.com/errata/ELSA-2014-0596.html | Third Party Advisory
secalert@redhat.com | http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html | Patch, Vendor Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0594.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0596.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0687.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0815.html | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/58591 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/58614 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59021 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59057 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59408 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/60320 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/60415 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/61888 | Third Party Advisory
secalert@redhat.com | http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html | Third Party Advisory
secalert@redhat.com | http://www.debian.org/security/2014/dsa-3056 | Third Party Advisory
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 | Third Party Advisory
secalert@redhat.com | http://www.novell.com/support/kb/doc.php?id=7015302 | Third Party Advisory
secalert@redhat.com | http://www.novell.com/support/kb/doc.php?id=7015303 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1102022 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0247.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://linux.oracle.com/errata/ELSA-2014-0594.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://linux.oracle.com/errata/ELSA-2014-0596.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0594.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0596.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0687.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0815.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58591 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58614 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59021 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59057 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59408 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60320 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60415 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61888 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-3056 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7015302 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7015303 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1102022 | Issue Tracking, Patch, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77216B5D-E820-4137-B00F-0B66CD08EEE1",
                     versionEndExcluding: "3.5.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2350B15F-7A7A-4BCD-852D-F9999C61DEDF",
                     versionEndExcluding: "3.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37BA55FC-D350-4DEB-9802-40AF59C99E79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "A3A907A3-2A3A-46D4-8D75-914649877B65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
                     matchCriteriaId: "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
                     matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
                     matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
                     matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A2FBA9-207F-4F16-932D-BF0BA3440503",
                     versionEndIncluding: "6.4.0",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C6AC80F-9D91-468D-BEE3-6A0759723673",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo ASN.1 manipulado.",
      },
   ],
   id: "CVE-2014-3467",
   lastModified: "2024-11-21T02:08:09.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-05T20:55:06.033",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0247.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58591",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58614",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60320",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60415",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/61888",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3056",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0247.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58614",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60415",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/61888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:08
Summary
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
References
secalert@redhat.com http://linux.oracle.com/errata/ELSA-2014-0594.html
secalert@redhat.com http://linux.oracle.com/errata/ELSA-2014-0595.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
secalert@redhat.com http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ - Exploit, URL Repurposed
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0594.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0595.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0684.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0815.html
secalert@redhat.com http://secunia.com/advisories/58340
secalert@redhat.com http://secunia.com/advisories/58598
secalert@redhat.com http://secunia.com/advisories/58601
secalert@redhat.com http://secunia.com/advisories/58642
secalert@redhat.com http://secunia.com/advisories/59016
secalert@redhat.com http://secunia.com/advisories/59021
secalert@redhat.com http://secunia.com/advisories/59057
secalert@redhat.com http://secunia.com/advisories/59086
secalert@redhat.com http://secunia.com/advisories/59408
secalert@redhat.com http://secunia.com/advisories/59838
secalert@redhat.com http://secunia.com/advisories/60384
secalert@redhat.com http://www-01.ibm.com/support/docview.wss?uid=swg21678776
secalert@redhat.com http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
secalert@redhat.com http://www.debian.org/security/2014/dsa-2944
secalert@redhat.com http://www.gnutls.org/security.html - Vendor Advisory
secalert@redhat.com http://www.novell.com/support/kb/doc.php?id=7015302
secalert@redhat.com http://www.novell.com/support/kb/doc.php?id=7015303
secalert@redhat.com http://www.securityfocus.com/bid/67741
secalert@redhat.com http://www.securitytracker.com/id/1030314
secalert@redhat.com http://www.ubuntu.com/usn/USN-2229-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1101932
secalert@redhat.com https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd - Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://linux.oracle.com/errata/ELSA-2014-0594.html
af854a3a-2127-422b-91ae-364da2661108 http://linux.oracle.com/errata/ELSA-2014-0595.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
af854a3a-2127-422b-91ae-364da2661108 http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ - Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0594.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0595.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0684.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0815.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/58340
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/58598
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/58601
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/58642
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59016
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59021
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59057
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59086
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59408
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59838
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/60384
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg21678776
af854a3a-2127-422b-91ae-364da2661108 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2014/dsa-2944
af854a3a-2127-422b-91ae-364da2661108 http://www.gnutls.org/security.html - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/support/kb/doc.php?id=7015302
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/support/kb/doc.php?id=7015303
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/67741
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1030314
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2229-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1101932
af854a3a-2127-422b-91ae-364da2661108 https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd - Exploit, Patch
Impacted products
Vendor Product Version
gnu gnutls 3.3.0
gnu gnutls 3.3.0 (pre0)
gnu gnutls 3.3.1
gnu gnutls 3.3.2
gnu gnutls 3.3.3
gnu gnutls * (up to and including 3.1.24)
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
gnu gnutls 3.1.16
gnu gnutls 3.1.17
gnu gnutls 3.1.18
gnu gnutls 3.1.19
gnu gnutls 3.1.20
gnu gnutls 3.1.21
gnu gnutls 3.1.22
gnu gnutls 3.1.23
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.6
gnu gnutls 3.2.7
gnu gnutls 3.2.8
gnu gnutls 3.2.8.1
gnu gnutls 3.2.9
gnu gnutls 3.2.10
gnu gnutls 3.2.11
gnu gnutls 3.2.12
gnu gnutls 3.2.12.1
gnu gnutls 3.2.13
gnu gnutls 3.2.14



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "BE31FE31-3F85-41F3-9DCB-58A090E63DEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*",
                     matchCriteriaId: "18A0842D-2CAC-4372-80D0-68BCCC28C7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A91948CE-E418-4450-AB62-9078D3A0FBEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D34267DC-A768-4A0F-BB54-74314B70E4F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "160B3AD7-37A3-4A01-B1CD-83E6500E145A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B744589A-9113-4CA1-AEDC-364251547524",
                     versionEndIncluding: "3.1.24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "0142E0D7-85DD-413B-B176-2FB5E12C2FE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "780D6C0C-2B20-425E-B15E-EE1AF9F28B31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC2D3896-E095-4889-A9D1-6D8EB2882D64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "425F7D5B-EE8A-46EC-B986-414FB90702C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BC83E92-882B-4984-80FC-FAB7F5CD52E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFAAACF-FD4A-4B1C-A35A-E11189DE2F85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62B585C-2FC8-448F-97E7-CAC59548B03A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "567E66B1-53D9-4A80-A938-2FE5C7CEB985",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA2186BE-288F-40FD-B634-76D14578E252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "773043EA-8C41-4F42-9702-660FD6822FD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E05061-D666-492E-AF2B-CF30FC2FA759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "68DF059C-4C1D-4B9C-993E-1C4D3510471C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E9A21B6-4A22-4801-8023-45F39EC02576",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA5F76C-3524-4E80-985F-FC74DD20B5E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB890F0-3126-4FDD-8162-AC28754D3D05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAA298-D755-4668-A568-439532DF7A0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "13B53422-C666-4140-BF8A-EEDB8AC95A70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6B1861D-61C3-469E-B37F-B76758626BCB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",
      },
      {
         lang: "es",
         value: "Desbordamiento de buffer en la función read_server_hello en lib/gnutls_handshake.c en GnuTLS anterior a 3.1.25, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.4 permite a servidores remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de un id de sesión largo en un mensaje ServerHello.",
      },
   ],
   id: "CVE-2014-3466",
   lastModified: "2024-11-21T02:08:09.493",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-03T14:55:10.257",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://linux.oracle.com/errata/ELSA-2014-0595.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "URL Repurposed",
         ],
         url: "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0595.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/58340",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/58598",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/58601",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/58642",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59016",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59086",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59838",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/60384",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2014/dsa-2944",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/67741",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id/1030314",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2229-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://linux.oracle.com/errata/ELSA-2014-0595.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "URL Repurposed",
         ],
         url: "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0595.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/58340",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/58598",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/58601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/58642",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59838",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/60384",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2014/dsa-2944",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/67741",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030314",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2229-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2024-11-21 01:02
Severity ?
Summary
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5EDD6F6-742C-4A59-AFB5-A7BCFB6AA759",
                     versionEndIncluding: "2.6.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.",
      },
      {
         lang: "es",
         value: "gnutls-cli en GnuTLS anteriores a v2.6.6 no verifica la activación y tiempos de caducidad de los certificados X.509, lo cual permite a atacantes remotos presentar con éxito un certificado que (1) aún no es válido o (2) ya no es válido, en relación con la falta de controles de tiempo en la función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls_x509, utilizado por (a) Exim, (b) OpenLDAP y (c) libsoup.",
      },
   ],
   id: "CVE-2009-1417",
   lastModified: "2024-11-21T01:02:24.657",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-04-30T20:30:00.593",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34842",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/35211",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/34783",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1022159",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2009/1218",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/35211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/34783",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2009/1218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 4, or 5.\n\nFor further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1417\n",
         lastModified: "2009-08-11T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-04 07:15
Modified
2024-11-21 05:01
Summary
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html | Broken Link
cve@mitre.org | https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 | Vendor Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
cve@mitre.org | https://security.gentoo.org/glsa/202006-01 | Third Party Advisory
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200619-0004/ | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4384-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4697 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-01 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200619-0004/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4384-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4697 | Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D9A3007-021D-4104-8BE1-1F3B205D832A",
                     versionEndExcluding: "3.6.14",
                     versionStartIncluding: "3.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.",
      },
      {
         lang: "es",
         value: "GnuTLS versiones 3.6.x anteriores a 3.6.14, usa una criptografía incorrecta para cifrar un ticket de sesión (una pérdida de confidencialidad en TLS versión 1.2, y un desvío de autenticación en TLS versión 1.3). La primera versión afectada es la 3.6.4 (24-09-2018) debido a un error en un commit del 18-09-2018. Hasta la primera rotación de claves, el servidor TLS siempre utiliza datos erróneos en lugar de una clave de cifrado derivada de una aplicación",
      },
   ],
   id: "CVE-2020-13777",
   lastModified: "2024-11-21T05:01:50.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-04T07:15:10.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202006-01",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200619-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4384-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202006-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200619-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4384-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4697",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2024-11-21 03:27
Summary
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
References
security@debian.org | http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html | Third Party Advisory
security@debian.org | http://www.openwall.com/lists/oss-security/2017/01/10/7 | Mailing List, Patch, Third Party Advisory
security@debian.org | http://www.openwall.com/lists/oss-security/2017/01/11/4 | Mailing List, Patch, Third Party Advisory
security@debian.org | http://www.securityfocus.com/bid/95370 | Third Party Advisory, VDB Entry
security@debian.org | http://www.securitytracker.com/id/1037576 | Third Party Advisory, VDB Entry
security@debian.org | https://access.redhat.com/errata/RHSA-2017:2292
security@debian.org | https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b | Issue Tracking, Patch, Third Party Advisory
security@debian.org | https://gnutls.org/security.html#GNUTLS-SA-2017-1 | Vendor Advisory
security@debian.org | https://security.gentoo.org/glsa/201702-04 | Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/10/7 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/11/4 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95370 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037576 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2292
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gnutls.org/security.html#GNUTLS-SA-2017-1 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201702-04 | Patch, Third Party Advisory, Vendor Advisory
Impacted products
Vendor Product Version
opensuse leap 42.1
opensuse leap 42.2
gnu gnutls *
gnu gnutls 3.5.0
gnu gnutls 3.5.1
gnu gnutls 3.5.2
gnu gnutls 3.5.3
gnu gnutls 3.5.4
gnu gnutls 3.5.5
gnu gnutls 3.5.6
gnu gnutls 3.5.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCB1A63-F2CF-474F-AAF6-CE225C58B765",
                     versionEndIncluding: "3.3.25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434168D-05A8-4300-9069-C55566A5EAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "71805931-872A-4F1A-A8B4-82347C2EF90E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1A489C2-4824-4133-83E0-625AA454E959",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D38B82-82A7-4943-BE1C-77EC707289D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "850A1174-F1E7-47EA-AF71-FEB6C4379EDC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
      },
      {
         lang: "es",
         value: "La vulnerabilidad de liberación doble en la función gnutls_x509_ext_import_proxy de GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permite a los atacantes remotos tener un impacto no especificado a través de una información de lenguaje de directivas elaborada en un certificado X.509 con una extensión Proxy Certificate Information.",
      },
   ],
   id: "CVE-2017-5334",
   lastModified: "2024-11-21T03:27:24.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-24T15:59:00.763",
   references: [
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95370",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "security@debian.org",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b",
      },
      {
         source: "security@debian.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-1",
      },
      {
         source: "security@debian.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
   ],
   sourceIdentifier: "security@debian.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-03-07 00:10
Modified
2024-11-21 01:11
Summary
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
References
secalert@redhat.com | http://article.gmane.org/gmane.comp.security.oss.general/12223
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0247.html
secalert@redhat.com | http://secunia.com/advisories/57254
secalert@redhat.com | http://secunia.com/advisories/57260
secalert@redhat.com | http://secunia.com/advisories/57274
secalert@redhat.com | http://secunia.com/advisories/57321
secalert@redhat.com | http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361
secalert@redhat.com | http://thread.gmane.org/gmane.comp.security.oss.general/12127
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1069301
secalert@redhat.com | https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.comp.security.oss.general/12223
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0247.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57254
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57274
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57321
af854a3a-2127-422b-91ae-364da2661108 | http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361
af854a3a-2127-422b-91ae-364da2661108 | http://thread.gmane.org/gmane.comp.security.oss.general/12127
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1069301
af854a3a-2127-422b-91ae-364da2661108 | https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd | Exploit, Patch
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 2.7.0
gnu gnutls 2.7.1
gnu gnutls 2.7.2
gnu gnutls 2.7.3
gnu gnutls 2.7.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6933E02-FFDA-4A43-B57A-4DAB1562ECAC",
                     versionEndIncluding: "2.7.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAAA2229-7618-49C1-B420-E0E46DC89D91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "63BC1989-DBCD-4006-916D-719A2CD92CAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9497DC81-8CFF-44DD-BF0A-D2B5A9482131",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F15C655C-2833-4263-BD99-F31331AC80CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.",
      },
      {
         lang: "es",
         value: "GnuTLS anterior a 2.7.6, cuando el indicador GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT no está habilitado, trata certificados X.509 de versión 1 como CAs intermedios, lo que permite a atacantes remotos evadir restricciones mediante el aprovechamiento de un certificado X.509 V1 de un CA confiable para emitir certificados nuevos, una vulnerabilidad diferente a CVE-2014-1959.",
      },
   ],
   id: "CVE-2009-5138",
   lastModified: "2024-11-21T01:11:15.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-03-07T00:10:53.323",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://article.gmane.org/gmane.comp.security.oss.general/12223",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57254",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57321",
      },
      {
         source: "secalert@redhat.com",
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361",
      },
      {
         source: "secalert@redhat.com",
         url: "http://thread.gmane.org/gmane.comp.security.oss.general/12127",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069301",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://article.gmane.org/gmane.comp.security.oss.general/12223",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57254",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57321",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://thread.gmane.org/gmane.comp.security.oss.general/12127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069301",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 14:15
Modified
2024-11-21 08:46
Summary
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
References
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0533 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1082 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1383
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2094
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-0567 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2258544 | Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com | https://gitlab.com/gnutls/gnutls/-/issues/1521 | Exploit, Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com | https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/19/3
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0533 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:1082 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:1383
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:2094
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2024-0567 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2258544 | Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/-/issues/1521 | Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240202-0011/
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B04601A-3664-4F94-A0AE-70AE438430F5",
                     versionEndExcluding: "3.8.3",
                     versionStartIncluding: "3.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados con cockpit-certificate-ensure. Este fallo permite que un cliente o atacante remoto no autenticado inicie un ataque de denegación de servicio.",
      },
   ],
   id: "CVE-2024-0567",
   lastModified: "2024-11-21T08:46:53.563",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T14:15:48.527",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:0533",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1082",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:1383",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:2094",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-0567",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258544",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1521",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/01/19/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:0533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:1383",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:2094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-0567",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258544",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240202-0011/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-12 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
cve@mitre.org http://article.gmane.org/gmane.network.gnutls.general/1733 (Vendor Advisory)
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
cve@mitre.org http://secunia.com/advisories/36266 (Vendor Advisory)
cve@mitre.org http://secunia.com/advisories/36496
cve@mitre.org http://www.openwall.com/lists/oss-security/2009/08/14/6
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2009-1232.html
cve@mitre.org http://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.org http://www.securitytracker.com/id?1022777
cve@mitre.org http://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
cve@mitre.org https://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.network.gnutls.general/1733 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36266 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36496
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2009/08/14/6
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2009-1232.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022777
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
af854a3a-2127-422b-91ae-364da2661108 https://rhn.redhat.com/errata/RHSA-2010-0095.html
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7DF1A90-D8BB-40B5-B136-39300DB1EFE3",
                     versionEndIncluding: "2.8.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4704D411-7B24-4B1F-9D40-A39A178FF873",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3091701-9B7C-4494-A82E-6E6F64656D85",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "libgnutls in GnuTLS before 2.8.2 does not properly handle a '\\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",
      },
      {
         lang: "es",
         value: "libgnutls en GnuTLS versiones anteriores a v2.8.2 no gestiona adecuadamente un carácter '\\0' en el nombre de dominio en los campos de identificación (1) Common Name (CN) o (2) Subject Alternative Name (SAN) de un certificado X.509, permitiendo que atacantes \"hombre en el medio\" (man-in-the-middle) suplanten servidores SSL de su elección mediante un certificado modificado que ha sido proporcionado por una Autoridad de Certificación legítima.",
      },
   ],
   id: "CVE-2009-2730",
   lastModified: "2024-11-21T01:05:36.903",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-12T10:30:01.360",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://article.gmane.org/gmane.network.gnutls.general/1733",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36266",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/36496",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2009/08/14/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2009-1232.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1022777",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409",
      },
      {
         source: "cve@mitre.org",
         url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://article.gmane.org/gmane.network.gnutls.general/1733",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36266",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/36496",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2009/08/14/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2009-1232.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-01 14:15
Modified
2024-11-21 07:01
Summary
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8704EA12-AC39-4E61-808D-D24D017CF541",
                     versionEndExcluding: "3.7.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad encontrada en gnutls. Este fallo de seguridad es producida por un error de doble liberación durante la verificación de firmas pkcs7 en la función gnutls_pkcs7_verify",
      },
   ],
   id: "CVE-2022-2509",
   lastModified: "2024-11-21T07:01:08.500",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-01T14:15:09.890",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2022-2509",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5203",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2022-2509",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5203",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-415",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-13 22:55
Modified
2024-11-21 01:37
Severity ?
Summary
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.7.4
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.2
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "756A2865-1786-470A-9A62-B5E2AF659DA6",
                     versionEndIncluding: "3.0.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4704D411-7B24-4B1F-9D40-A39A178FF873",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3091701-9B7C-4494-A82E-6E6F64656D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "541BCA04-0500-4388-9140-55C17E17EB15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2097221B-46C2-480C-8D79-54080186BB58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A274912-B16F-4B91-8CC0-E5CEED04B678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5552C7B3-5D56-4858-B138-F49CD1F90513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA23D0EC-6014-4303-962A-1936EFCE3D16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA54B99-2FF1-432F-9587-8F384323CADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39F59B50-BC97-43B3-BC15-C767F420291E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B25626-7C72-4BAE-85FF-415A5F376A00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "31E092EF-D7F6-4160-B928-3C3EA1198B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "185A2FAD-5541-4439-924B-406BD33E6FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "854F260C-4C7D-4855-8644-4B6DC7CD5657",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "07E877F8-3623-4295-816F-7EE4FFDE1599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E711C7-37EE-4957-BD49-FA08103357BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "022F28CD-4D6B-48AB-8E39-244E19D34F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "16B5986E-1029-4D40-8012-1FF1615C929A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "45439989-0D3B-4DCE-AB35-B63B1543CD59",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de doble liberación en libgnutls en GnuTLS antes de 3.0.14 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de una lista de certificados modificados.",
      },
   ],
   id: "CVE-2012-1663",
   lastModified: "2024-11-21T01:37:25.010",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-13T22:55:03.067",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.exploit-db.com/exploits/24865",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.exploit-db.com/exploits/24865",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-15 18:15
Modified
2024-11-21 07:37
Summary
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, the attacker would need to send a large number of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
References
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-0361 | Third Party Advisory
secalert@redhat.com | https://github.com/tlsfuzzer/tlsfuzzer/pull/679 | Issue Tracking, Patch
secalert@redhat.com | https://gitlab.com/gnutls/gnutls/-/issues/1050 | Exploit, Issue Tracking, Vendor Advisory
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html | Mailing List, Third Party Advisory
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20230324-0005/ | Third Party Advisory
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20230725-0005/
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-0361 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tlsfuzzer/tlsfuzzer/pull/679 | Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/-/issues/1050 | Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230324-0005/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230725-0005/



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAE4C2DF-8869-439F-99E2-2A0E7A03A96F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:converged_systems_advisor_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A865472-D6A4-49D9-96E5-D33D0E58144D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.",
      },
   ],
   id: "CVE-2023-0361",
   lastModified: "2024-11-21T07:37:02.870",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-15T18:15:11.683",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-0361",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/tlsfuzzer/tlsfuzzer/pull/679",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1050",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230324-0005/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.netapp.com/advisory/ntap-20230725-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-0361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/tlsfuzzer/tlsfuzzer/pull/679",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230324-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20230725-0005/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2024-11-21 00:45
Summary
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
References
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html [Patch]
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
secalert@redhat.com http://secunia.com/advisories/30287
secalert@redhat.com http://secunia.com/advisories/30302
secalert@redhat.com http://secunia.com/advisories/30317
secalert@redhat.com http://secunia.com/advisories/30324
secalert@redhat.com http://secunia.com/advisories/30330
secalert@redhat.com http://secunia.com/advisories/30331
secalert@redhat.com http://secunia.com/advisories/30338
secalert@redhat.com http://secunia.com/advisories/30355
secalert@redhat.com http://secunia.com/advisories/31939
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200805-20.xml
secalert@redhat.com http://securityreason.com/securityalert/3902
secalert@redhat.com http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
secalert@redhat.com http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
secalert@redhat.com http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
secalert@redhat.com http://www.debian.org/security/2008/dsa-1581
secalert@redhat.com http://www.kb.cert.org/vuls/id/659209 [US Government Resource]
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/1
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/2 [Patch]
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/3
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2008-0489.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2008-0492.html
secalert@redhat.com http://www.securityfocus.com/archive/1/492282/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/archive/1/492464/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/29292
secalert@redhat.com http://www.securitytracker.com/id?1020059
secalert@redhat.com http://www.ubuntu.com/usn/usn-613-1
secalert@redhat.com http://www.vupen.com/english/advisories/2008/1582/references
secalert@redhat.com http://www.vupen.com/english/advisories/2008/1583/references
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
secalert@redhat.com https://issues.rpath.com/browse/RPL-2552
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30287
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30302
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30317
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30324
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30330
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30331
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30338
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30355
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31939
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200805-20.xml
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/3902
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
af854a3a-2127-422b-91ae-364da2661108 http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1581
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/659209 [US Government Resource]
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/1
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/2 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/3
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0489.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0492.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/492282/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/492464/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/29292
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1020059
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-613-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1582/references
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1583/references
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-2552
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
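Impacted products
(The list below also contains 2.2.4, 2.2.5 and 2.3.0 through 2.3.11, whereas the summary says "before 2.2.4"; confirm the fixed release against the vendor advisory before relying on either boundary.)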
Vendor Product Version
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.",
      },
      {
         lang: "es",
         value: "Error en signo de entero de la función _gnutls_ciphertext2compressed en lib/gnutls_cipher.c de libgnutls en GnuTLS versiones anteriores a la 2.2.4, permite a atacantes remotos provocar una denegación de servicio (sobre-lectura de búfer y caída) a través de determinados valores de entero en el campo Random de un mensaje Client Hello encriptado dentro de un registro TLS con una longitud de registro no válida, lo cual conlleva una longitud de relleno de cifra no válida, también conocido como GNUTLS-SA-2008-1-3.",
      },
   ],
   evaluatorSolution: "The vendor has released a statement regarding this issue:\r\n\r\nhttp://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html",
   id: "CVE-2008-1950",
   lastModified: "2024-11-21T00:45:44.343",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-21T13:24:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30287",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30302",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30317",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30324",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30330",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30331",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30338",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30355",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/31939",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securityreason.com/securityalert/3902",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
      },
      {
         source: "secalert@redhat.com",
         url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2008/dsa-1581",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/659209",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/29292",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1020059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-613-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/1582/references",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/1583/references",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533",
      },
      {
         source: "secalert@redhat.com",
         url: "https://issues.rpath.com/browse/RPL-2552",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30324",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30330",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30338",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/31939",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/3902",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2008/dsa-1581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/659209",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-613-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1582/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1583/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-2552",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-26 19:55
Modified
2024-11-21 01:37
Severity ?
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
References
secalert@redhat.com http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
secalert@redhat.com http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910
secalert@redhat.com http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912
secalert@redhat.com http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ Exploit
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
secalert@redhat.com http://osvdb.org/80259
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0429.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0488.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com http://secunia.com/advisories/48488
secalert@redhat.com http://secunia.com/advisories/48511
secalert@redhat.com http://secunia.com/advisories/48596
secalert@redhat.com http://secunia.com/advisories/48712
secalert@redhat.com http://secunia.com/advisories/57260
secalert@redhat.com http://www.debian.org/security/2012/dsa-2441
secalert@redhat.com http://www.gnu.org/software/gnutls/security.html Vendor Advisory
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2012:040
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/03/21/4
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/03/21/5
secalert@redhat.com http://www.securityfocus.com/bid/52667
secalert@redhat.com http://www.securitytracker.com/id?1026828
secalert@redhat.com http://www.ubuntu.com/usn/USN-1418-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=805432
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912
af854a3a-2127-422b-91ae-364da2661108 http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ Exploit
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/80259
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0429.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0488.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48488
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48511
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48596
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48712
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2012/dsa-2441
af854a3a-2127-422b-91ae-364da2661108 http://www.gnu.org/software/gnutls/security.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2012:040
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/03/21/4
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/03/21/5
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/52667
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1026828
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1418-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=805432
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.7.4
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.2
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 2.12.15
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E74CD4C2-9970-4B33-9697-DD51275ADEEC",
                     versionEndIncluding: "2.12.16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4704D411-7B24-4B1F-9D40-A39A178FF873",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3091701-9B7C-4494-A82E-6E6F64656D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "541BCA04-0500-4388-9140-55C17E17EB15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2097221B-46C2-480C-8D79-54080186BB58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A274912-B16F-4B91-8CC0-E5CEED04B678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5552C7B3-5D56-4858-B138-F49CD1F90513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA23D0EC-6014-4303-962A-1936EFCE3D16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA54B99-2FF1-432F-9587-8F384323CADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39F59B50-BC97-43B3-BC15-C767F420291E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B25626-7C72-4BAE-85FF-415A5F376A00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "31E092EF-D7F6-4160-B928-3C3EA1198B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "185A2FAD-5541-4439-924B-406BD33E6FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "854F260C-4C7D-4855-8644-4B6DC7CD5657",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "07E877F8-3623-4295-816F-7EE4FFDE1599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E711C7-37EE-4957-BD49-FA08103357BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B36918C-BB8D-4B8E-8868-7726C5ADD4FE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "022F28CD-4D6B-48AB-8E39-244E19D34F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "16B5986E-1029-4D40-8012-1FF1615C929A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "45439989-0D3B-4DCE-AB35-B63B1543CD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.",
      },
      {
         lang: "es",
         value: "gnutls_cipher.c en libgnutls en GnuTLS antes de v2.12.17 y v3.x antes de v3.0.15 no maneja adecuadamente los datos cifrados con un cifrado de bloques, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de la memoria heap y caída de la aplicación) a través de un registro manipulado, como se demuestra con una estructura GenericBlockCipher específicamente creada para este fin.",
      },
   ],
   id: "CVE-2012-1573",
   lastModified: "2024-11-21T01:37:14.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-26T19:55:01.390",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910",
      },
      {
         source: "secalert@redhat.com",
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
      },
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d",
      },
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/80259",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48488",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48511",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48596",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48712",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2012/dsa-2441",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/03/21/4",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/52667",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1026828",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1418-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80259",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48511",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48712",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2012/dsa-2441",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/03/21/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/52667",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1026828",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1418-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2024-11-21 03:27
Summary
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
References
security@debian.org http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html Third Party Advisory
security@debian.org http://rhn.redhat.com/errata/RHSA-2017-0574.html
security@debian.org http://www.openwall.com/lists/oss-security/2017/01/10/7 Mailing List, Patch, Third Party Advisory
security@debian.org http://www.openwall.com/lists/oss-security/2017/01/11/4 Mailing List, Patch, Third Party Advisory
security@debian.org http://www.securityfocus.com/bid/95374 Third Party Advisory, VDB Entry
security@debian.org http://www.securitytracker.com/id/1037576 Third Party Advisory, VDB Entry
security@debian.org https://access.redhat.com/errata/RHSA-2017:2292
security@debian.org https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Issue Tracking, Patch, Third Party Advisory
security@debian.org https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a Issue Tracking, Patch, Third Party Advisory
security@debian.org https://gnutls.org/security.html#GNUTLS-SA-2017-2 Vendor Advisory
security@debian.org https://security.gentoo.org/glsa/201702-04 Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2017-0574.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2017/01/10/7 Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2017/01/11/4 Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/95374 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1037576 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2017:2292
af854a3a-2127-422b-91ae-364da2661108 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://gnutls.org/security.html#GNUTLS-SA-2017-2 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201702-04 Patch, Third Party Advisory, Vendor Advisory
Impacted products
Vendor Product Version
opensuse leap 42.1
opensuse leap 42.2
gnu gnutls *
gnu gnutls 3.5.0
gnu gnutls 3.5.1
gnu gnutls 3.5.2
gnu gnutls 3.5.3
gnu gnutls 3.5.4
gnu gnutls 3.5.5
gnu gnutls 3.5.6
gnu gnutls 3.5.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCB1A63-F2CF-474F-AAF6-CE225C58B765",
                     versionEndIncluding: "3.3.25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434168D-05A8-4300-9069-C55566A5EAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "71805931-872A-4F1A-A8B4-82347C2EF90E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1A489C2-4824-4133-83E0-625AA454E959",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D38B82-82A7-4943-BE1C-77EC707289D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "850A1174-F1E7-47EA-AF71-FEB6C4379EDC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",
      },
      {
         lang: "es",
         value: "Las funciones de lectura de flujo en lib/opencdk/read-packet.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permiten a atacantes remotos provocar una denegación de servicio (error de falta de memoria y caída) a través de un certificado OpenPGP manipulado.",
      },
   ],
   id: "CVE-2017-5335",
   lastModified: "2024-11-21T03:27:24.777",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-24T15:59:00.810",
   references: [
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "security@debian.org",
         url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95374",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "security@debian.org",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a",
      },
      {
         source: "security@debian.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
      },
      {
         source: "security@debian.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
   ],
   sourceIdentifier: "security@debian.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2024-11-21 01:02
Severity ?
Summary
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
Impacted products
Vendor Product Version
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.",
      },
      {
         lang: "es",
         value: "lib/gnutls_pk.c en libgnutls en GnuTLS v2.5.0 hasta v2.6.5 genera claves RSA almacenadas en estructuras DSA, en lugar de las claves DSA previstas, lo cual podría permitir a atacantes remotos suplantar firmas en los certificados o tener otro impacto no especificado mediante el uso de una clave DSA no válida.",
      },
   ],
   id: "CVE-2009-1416",
   lastModified: "2024-11-21T01:02:24.510",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-04-30T20:30:00.577",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34842",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/35211",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/34783",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1022158",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2009/1218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/35211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/34783",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022158",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2009/1218",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.",
         lastModified: "2009-09-21T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-11-20 14:12
Modified
2024-11-21 01:55
Severity ?
Summary
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
Impacted products
Vendor Product Version
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en la función dane_query_tlsa de la librería DANE (libdane) en GnuTLS 3.1.x anterior a la versión 3.1.15 y 3.2.x anterior a 3.2.5 permite a servidores remotos provocar una denegación de servicio (corrupción de memoria) a través de una respuesta con más de 4 entradas DANE.",
      },
   ],
   id: "CVE-2013-4466",
   lastModified: "2024-11-21T01:55:37.387",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-11-20T14:12:30.350",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2013/10/25/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2013/10/25/2",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2024-11-21 02:34
Severity ?
Summary
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html
secalert@redhat.com http://www.debian.org/security/2015/dsa-3334
secalert@redhat.com http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 Vendor Advisory
secalert@redhat.com http://www.openwall.com/lists/oss-security/2015/08/10/1
secalert@redhat.com http://www.openwall.com/lists/oss-security/2015/08/17/6
secalert@redhat.com http://www.securityfocus.com/bid/76267
secalert@redhat.com http://www.securitytracker.com/id/1033226
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1251902
secalert@redhat.com https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2015/dsa-3334
af854a3a-2127-422b-91ae-364da2661108 http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2015/08/10/1
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2015/08/17/6
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/76267
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1033226
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=1251902
af854a3a-2127-422b-91ae-364da2661108 https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
Impacted products
Vendor Product Version
gnu gnutls 3.3.0
gnu gnutls 3.3.0
gnu gnutls 3.3.1
gnu gnutls 3.3.2
gnu gnutls 3.3.3
gnu gnutls 3.3.4
gnu gnutls 3.3.5
gnu gnutls 3.3.6
gnu gnutls 3.3.7
gnu gnutls 3.3.8
gnu gnutls 3.3.9
gnu gnutls 3.3.10
gnu gnutls 3.3.11
gnu gnutls 3.3.12
gnu gnutls 3.3.13
gnu gnutls 3.3.14
gnu gnutls 3.3.15
gnu gnutls 3.3.16
gnu gnutls 3.4.0
gnu gnutls 3.4.1
gnu gnutls 3.4.2
gnu gnutls 3.4.3
debian debian_linux 8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "BE31FE31-3F85-41F3-9DCB-58A090E63DEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.0:pre0:*:*:*:*:*:*",
                     matchCriteriaId: "18A0842D-2CAC-4372-80D0-68BCCC28C7BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A91948CE-E418-4450-AB62-9078D3A0FBEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D34267DC-A768-4A0F-BB54-74314B70E4F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "160B3AD7-37A3-4A01-B1CD-83E6500E145A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE61F19-A2C3-4FE9-9C5A-D1FB949B6CEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EDFE7E2-12FC-4819-8615-F76A312E8BEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4993D25F-607B-4486-B9EC-566A1EEBE73B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FEF4D26-DD0C-4E67-8901-8B38A51C1FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "49CE4BAE-77EC-469D-9FE2-A807B7E2EC64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "7921C926-450B-4EFF-B610-B8B8FD17AE1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "199F787B-0515-442A-8FFA-7A2D8E145792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6916156-380B-4BF5-A070-8710F728C62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "20A990DC-4934-4466-978B-26105AD2DAC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEE96D17-4EBB-4AA1-AC55-28E65F18A5A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93C125C-331E-450B-879B-2444AE32E022",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "924DABC9-8131-4280-8151-26DC08078E1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.3.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "31B28D33-61C9-4A83-B9FF-31EF7A8DB195",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F4DFB1F-772E-4514-B0EC-66923F422797",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "537DB088-69A7-4482-A639-F3F4C44CA79C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8F38611-4E74-4180-844C-CBD2C3230684",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "461EA8A4-C0C0-4F21-89A0-EACAB34C4C18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de liberación doble en GnuTLS en versiones anteriores a la 3.3.17 y 3.4.x versiones anteriores a 3.4.4, permite a atacantes remotos causar una denegación de servicio a través de una entrada DistinguishedName (DN) de gran longitud en un certificado.",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>",
   id: "CVE-2015-6251",
   lastModified: "2024-11-21T02:34:38.617",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-24T14:59:10.947",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2015/dsa-3334",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2015/08/10/1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2015/08/17/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/76267",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id/1033226",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
      },
      {
         source: "secalert@redhat.com",
         url: "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3334",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/08/10/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/08/17/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/76267",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1033226",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-14 04:59
Modified
2024-11-21 03:32
Summary
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
Impacted products
Vendor Product Version
gnu gnutls * (versions up to and including 3.5.9)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10ED3317-8157-49E1-9831-CFA9335397CD",
                     versionEndIncluding: "3.5.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.",
      },
      {
         lang: "es",
         value: "GnuTLS en versiones anteriores a 20-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de entero y desbordamiento de búfer basado en memoria dinámica en relación con la función cdk_pkt_read en opencdk/read-packet.c. Este problema (que es un subconjunto del informe GNUTLS-SA-2017-3 del proveedor) se fija en 3.5.10.",
      },
   ],
   id: "CVE-2017-7869",
   lastModified: "2024-11-21T03:32:51.733",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-14T04:59:00.727",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97040",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97040",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-10 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
Impacted products
Vendor Product Version
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14
gnu gnutls 3.0.15
gnu gnutls 3.0.16
gnu gnutls 3.0.17
gnu gnutls 3.0.18
gnu gnutls 3.0.19
gnu gnutls 3.0.20
gnu gnutls 3.0.21
gnu gnutls 3.0.22
gnu gnutls 3.0.23
gnu gnutls 3.0.24
gnu gnutls 3.0.25
gnu gnutls 3.0.26
gnu gnutls 3.0.27
gnu gnutls 3.0.28
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
gnu gnutls 3.1.7
gnu gnutls 3.1.8
gnu gnutls 3.1.9
gnu gnutls 3.1.10
gnu gnutls 3.1.11
gnu gnutls 3.1.12
gnu gnutls 3.1.13
gnu gnutls 3.1.14
gnu gnutls 3.1.15
gnu gnutls 3.1.16
gnu gnutls 3.1.17
gnu gnutls 3.1.18
gnu gnutls 3.1.19
gnu gnutls 3.2.0
gnu gnutls 3.2.1
gnu gnutls 3.2.2
gnu gnutls 3.2.3
gnu gnutls 3.2.4
gnu gnutls 3.2.5
gnu gnutls 3.2.6
gnu gnutls 3.2.7
gnu gnutls 3.2.8
gnu gnutls 3.2.8.1
gnu gnutls 3.2.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "022F28CD-4D6B-48AB-8E39-244E19D34F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "16B5986E-1029-4D40-8012-1FF1615C929A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "45439989-0D3B-4DCE-AB35-B63B1543CD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "14624E40-3CAA-45E5-BDF2-F08706FC68BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "E743ABC3-6F24-43E1-98E5-6F60BE975212",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDA000C-A616-402B-B964-D5F4ADB6B550",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "62789464-0074-4009-B97B-665A21E0CC25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "95A77487-3ABD-40F5-9C98-49A65ED7F16D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "3911F202-5E7B-4DE3-90D9-07278923036B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B6CF-3434-4874-9324-87D045511A13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*",
                     matchCriteriaId: "D97EAF12-679B-4494-871F-0074ABD0E20B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "70F58963-0C56-4228-B9DC-1EA54DA8070D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CB23D13-94D2-4FAE-AB76-8574E35E02AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D45B0F5E-B4E1-471E-8CDD-85E09837839F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F430F4C6-A738-4E02-BE76-041F71335E62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272E2DC-7E54-4034-B7BA-30966D57CDFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64EE97BB-D0EE-444A-96FA-D127892216F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB28F388-DE19-4C25-A838-949CA926C31A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DCAA09-7E8C-4C3E-901F-641681AA9E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "435C588C-A478-4FB8-A47D-2605CB39C331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EDDABF3-ECA6-433E-A7D6-8E13F0C6433B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "0142E0D7-85DD-413B-B176-2FB5E12C2FE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "780D6C0C-2B20-425E-B15E-EE1AF9F28B31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC2D3896-E095-4889-A9D1-6D8EB2882D64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3CCDF3A-BEAB-4DA2-A15A-A855FFFD415A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "827A375E-8045-4A81-AB7C-11A89E862518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC1076D-2249-406B-9D43-B24764BBE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F039CD91-0FF6-4640-B981-20A3F9384A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8008DADD-DB6C-4C67-B333-0DC4C7152B2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9E811B-4EED-4B6A-8836-5405F7F5A53D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "567E66B1-53D9-4A80-A938-2FE5C7CEB985",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA2186BE-288F-40FD-B634-76D14578E252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "773043EA-8C41-4F42-9702-660FD6822FD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "37E05061-D666-492E-AF2B-CF30FC2FA759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A22BC2E4-A2A5-4637-A9B9-9E68FC982BC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "68DF059C-4C1D-4B9C-993E-1C4D3510471C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.",
      },
      {
         lang: "es",
         value: "La función gnutls_x509_dn_oid_name en lib/x509/common.c en GnuTLS 3.0 anterior a 3.1.20 y 3.2.x anterior a 3.2.10 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de un certificado X.509 manipulado, relacionado con la falta de una descripción LDAP para un identificador de objeto (OID) cuando se imprime el DN.",
      },
   ],
   evaluatorComment: "Per http://cwe.mitre.org/data/definitions/476.html\n\"CWE-476: NULL Pointer Dereference\"",
   id: "CVE-2014-3465",
   lastModified: "2024-11-21T02:08:09.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-10T14:55:10.163",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59086",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-12 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
References
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1922276 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210416-0005/ | Third Party Advisory
secalert@redhat.com | https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1922276 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210416-0005/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 | Exploit, Vendor Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66BC7206-28E1-4A23-9701-78ABEA79D0C5",
                     versionEndExcluding: "3.7.1",
                     versionStartIncluding: "3.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
      },
      {
         lang: "es",
         value: "Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en el cliente que envía la extensión key_share puede conllevar a una corrupción de la memoria y otras consecuencias",
      },
   ],
   id: "CVE-2021-20231",
   lastModified: "2024-11-21T05:46:10.697",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-12T19:15:13.037",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-05 20:55
Modified
2024-11-21 02:08
Severity ?
Summary
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
References
secalert@redhat.com | http://advisories.mageia.org/MGASA-2014-0247.html | Third Party Advisory
secalert@redhat.com | http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f | Patch, Vendor Advisory
secalert@redhat.com | http://linux.oracle.com/errata/ELSA-2014-0594.html | Third Party Advisory
secalert@redhat.com | http://linux.oracle.com/errata/ELSA-2014-0596.html | Third Party Advisory
secalert@redhat.com | http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html | Mailing List, Patch, Vendor Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0594.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0596.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0687.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0815.html | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/58591 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/58614 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59021 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59057 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59408 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/60320 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/60415 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/61888 | Third Party Advisory
secalert@redhat.com | http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html | Third Party Advisory
secalert@redhat.com | http://www.debian.org/security/2014/dsa-3056 | Third Party Advisory
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 | Third Party Advisory
secalert@redhat.com | http://www.novell.com/support/kb/doc.php?id=7015302 | Third Party Advisory
secalert@redhat.com | http://www.novell.com/support/kb/doc.php?id=7015303 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1102323 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0247.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://linux.oracle.com/errata/ELSA-2014-0594.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://linux.oracle.com/errata/ELSA-2014-0596.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html | Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0594.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0596.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0687.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0815.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58591 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58614 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59021 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59057 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59408 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60320 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60415 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61888 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-3056 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7015302 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7015303 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1102323 | Issue Tracking, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77216B5D-E820-4137-B00F-0B66CD08EEE1",
                     versionEndExcluding: "3.5.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2350B15F-7A7A-4BCD-852D-F9999C61DEDF",
                     versionEndExcluding: "3.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37BA55FC-D350-4DEB-9802-40AF59C99E79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "A3A907A3-2A3A-46D4-8D75-914649877B65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
                     matchCriteriaId: "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
                     matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
                     matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
                     matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48A2FBA9-207F-4F16-932D-BF0BA3440503",
                     versionEndIncluding: "6.4.0",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C6AC80F-9D91-468D-BEE3-6A0759723673",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.",
      },
      {
         lang: "es",
         value: "La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados.",
      },
   ],
   id: "CVE-2014-3468",
   lastModified: "2024-11-21T02:08:09.843",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-05T20:55:06.283",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0247.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58591",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58614",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60320",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60415",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/61888",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3056",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0247.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58614",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60415",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/61888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-131",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-09-02 14:59
Modified
2024-11-21 02:29
Summary
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
References
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html
cve@mitre.org http://www.gnutls.org/security.html#GNUTLS-SA-2015-4
cve@mitre.org http://www.openwall.com/lists/oss-security/2015/04/15/6
cve@mitre.org http://www.openwall.com/lists/oss-security/2015/04/16/6
cve@mitre.org http://www.securityfocus.com/bid/74188
cve@mitre.org http://www.securitytracker.com/id/1033774
cve@mitre.org http://www.ubuntu.com/usn/USN-2727-1
cve@mitre.org https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
cve@mitre.org https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
cve@mitre.org https://security.gentoo.org/glsa/201506-03
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html
af854a3a-2127-422b-91ae-364da2661108 http://www.gnutls.org/security.html#GNUTLS-SA-2015-4
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2015/04/15/6
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2015/04/16/6
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/74188
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1033774
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2727-1
af854a3a-2127-422b-91ae-364da2661108 https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
af854a3a-2127-422b-91ae-364da2661108 https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201506-03
Impacted products
Vendor Product Version
gnu gnutls *
canonical ubuntu_linux 15.04



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5478C220-2E5A-4340-99FD-1EFB184FF437",
                     versionEndIncluding: "3.3.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de liberación doble en lib/x509/x509_ext.c en GnuTLS en versiones anteriores a 3.3.14, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un punto de distribución CRL manipulado.",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>",
   id: "CVE-2015-3308",
   lastModified: "2024-11-21T02:29:07.620",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-09-02T14:59:01.873",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/04/15/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/04/16/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/74188",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1033774",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2727-1",
      },
      {
         source: "cve@mitre.org",
         url: "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02",
      },
      {
         source: "cve@mitre.org",
         url: "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/201506-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/04/15/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/04/16/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/74188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1033774",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2727-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201506-03",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-26 19:55
Modified
2024-11-21 01:37
Summary
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
secalert@redhat.com http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
secalert@redhat.com http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932 (Patch)
secalert@redhat.com http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
secalert@redhat.com http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
secalert@redhat.com http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ (Exploit)
secalert@redhat.com http://linux.oracle.com/errata/ELSA-2014-0596.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0427.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0488.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com http://secunia.com/advisories/48397
secalert@redhat.com http://secunia.com/advisories/48488
secalert@redhat.com http://secunia.com/advisories/48505
secalert@redhat.com http://secunia.com/advisories/48578
secalert@redhat.com http://secunia.com/advisories/48596
secalert@redhat.com http://secunia.com/advisories/49002
secalert@redhat.com http://secunia.com/advisories/50739
secalert@redhat.com http://secunia.com/advisories/57260
secalert@redhat.com http://www.debian.org/security/2012/dsa-2440
secalert@redhat.com http://www.gnu.org/software/gnutls/security.html (Vendor Advisory)
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/03/20/3
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/03/20/8
secalert@redhat.com http://www.openwall.com/lists/oss-security/2012/03/21/5
secalert@redhat.com http://www.securitytracker.com/id?1026829
secalert@redhat.com http://www.ubuntu.com/usn/USN-1436-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=804920
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932 (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
af854a3a-2127-422b-91ae-364da2661108 http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ (Exploit)
af854a3a-2127-422b-91ae-364da2661108 http://linux.oracle.com/errata/ELSA-2014-0596.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0427.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0488.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48397
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48488
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48505
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48578
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48596
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/49002
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/50739
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2012/dsa-2440
af854a3a-2127-422b-91ae-364da2661108 http://www.gnu.org/software/gnutls/security.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/03/20/3
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/03/20/8
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2012/03/21/5
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1026829
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1436-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=804920
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.7.4
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.2
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14
gnu libtasn1 *
gnu libtasn1 0.1.0
gnu libtasn1 0.1.1
gnu libtasn1 0.1.2
gnu libtasn1 0.2.0
gnu libtasn1 0.2.1
gnu libtasn1 0.2.2
gnu libtasn1 0.2.3
gnu libtasn1 0.2.4
gnu libtasn1 0.2.5
gnu libtasn1 0.2.6
gnu libtasn1 0.2.7
gnu libtasn1 0.2.8
gnu libtasn1 0.2.9
gnu libtasn1 0.2.10
gnu libtasn1 0.2.11
gnu libtasn1 0.2.12
gnu libtasn1 0.2.13
gnu libtasn1 0.2.14
gnu libtasn1 0.2.15
gnu libtasn1 0.2.16
gnu libtasn1 0.2.17
gnu libtasn1 0.2.18
gnu libtasn1 0.3.0
gnu libtasn1 0.3.1
gnu libtasn1 0.3.2
gnu libtasn1 0.3.3
gnu libtasn1 0.3.4
gnu libtasn1 0.3.5
gnu libtasn1 0.3.6
gnu libtasn1 0.3.7
gnu libtasn1 0.3.8
gnu libtasn1 0.3.9
gnu libtasn1 0.3.10
gnu libtasn1 1.0
gnu libtasn1 1.1
gnu libtasn1 1.2
gnu libtasn1 1.3
gnu libtasn1 1.4
gnu libtasn1 1.5
gnu libtasn1 1.6
gnu libtasn1 1.7
gnu libtasn1 1.8
gnu libtasn1 2.0
gnu libtasn1 2.1
gnu libtasn1 2.2
gnu libtasn1 2.3
gnu libtasn1 2.4
gnu libtasn1 2.5
gnu libtasn1 2.6
gnu libtasn1 2.7
gnu libtasn1 2.8
gnu libtasn1 2.9
gnu libtasn1 2.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DAE9020-329B-487B-AA25-B17CBEFE07E2",
                     versionEndIncluding: "3.0.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4704D411-7B24-4B1F-9D40-A39A178FF873",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3091701-9B7C-4494-A82E-6E6F64656D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "541BCA04-0500-4388-9140-55C17E17EB15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2097221B-46C2-480C-8D79-54080186BB58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A274912-B16F-4B91-8CC0-E5CEED04B678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5552C7B3-5D56-4858-B138-F49CD1F90513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA23D0EC-6014-4303-962A-1936EFCE3D16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA54B99-2FF1-432F-9587-8F384323CADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39F59B50-BC97-43B3-BC15-C767F420291E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B25626-7C72-4BAE-85FF-415A5F376A00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "31E092EF-D7F6-4160-B928-3C3EA1198B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "185A2FAD-5541-4439-924B-406BD33E6FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "854F260C-4C7D-4855-8644-4B6DC7CD5657",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "07E877F8-3623-4295-816F-7EE4FFDE1599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E711C7-37EE-4957-BD49-FA08103357BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "022F28CD-4D6B-48AB-8E39-244E19D34F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "16B5986E-1029-4D40-8012-1FF1615C929A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "45439989-0D3B-4DCE-AB35-B63B1543CD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF062C51-CADD-46B1-A121-32CB6A18F2FC",
                     versionEndIncluding: "2.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7031435B-D0CA-488B-86D2-DB7E031CC4DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "09F703B5-5548-4B21-97C4-EEB5A79BFDA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DDC2A2A-80A8-4F0B-9050-88E68C614605",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "85655541-7911-4F23-967B-A8EE8F77CB27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9548F8E-9558-48E7-B7AA-52536C16D39C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DE5A7AC-2608-41AB-B319-7FE54EE638DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "715A4581-1FA7-4BBD-9CBD-0EEEDF6EB85A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB27F841-7ECF-46A8-A353-572D57CFA8DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "43639215-5F31-4168-B40B-BC23DFC6F449",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6895DBDF-02F3-4ABE-94C9-2B389B1633A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF8BEFC7-B81E-4872-AA0F-3382C4340E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "467A9372-936A-43B6-AA6E-4B110460E53B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB8982C-9131-4A65-AD52-BCC50E204BFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C4F854E-8C99-4BB0-8146-0F95C25385F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "370BA774-EBA1-454C-82B7-6ACE43744B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A004586-34BE-42A7-9DD2-8991AC651407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B6324E8-2B22-4567-B5B6-A6CC5CA12DBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BED632B-43B5-4AC2-8DC8-55A2032CDA58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "87C997F9-9480-4980-9FA2-045248EE0DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE11CD41-CBEE-413B-BD6C-FECEA6778CEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C4D083C-0D60-476C-9A9B-62E38CE709A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.2.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "36F87440-811B-4AD7-8B62-5B8E88D7F3C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C56DB483-22C8-483D-B11B-DFAABF7223BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D51918C9-18B0-434C-B097-FBC78BE7307F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F9C52B5-4CA8-4777-B6EE-62F924B47B0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "29E05ABB-DE4D-411D-A1B7-E4194825F75D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "75F77DCC-6C4C-4CFB-BFAF-1BD8EF1D606D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7DCAF92-7732-477D-8E4F-D3FA3F9B5C21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A6328C0-1A21-4935-9E71-C3C38BD118B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E623FF7-EE83-42B3-B4F3-F521820B417C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "75BA158E-BD3A-4F97-A142-F3426AAD4170",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D2DF6E-FDD2-4C3C-9EA5-A509BF946539",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:0.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "8352B632-E674-453A-BE64-81960D2382D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C3531C0-E08D-4BFF-8335-3F653A77B3B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "355D4841-1447-41EF-9B85-C5E2B7C0A5DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC4C3B81-8AF3-40EF-8997-221600B1B2FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC8EE05F-000A-46ED-A819-A7253D299260",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "33060E8C-EA63-4599-8765-B72F7809C914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B23D8C-269A-4E37-BEFD-262424EDEAD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "120B5DD9-C74D-44C0-AF40-D71E6F3107BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2023D887-50B5-485B-BECF-E4C9107E46BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F875C0B-4AE3-4B71-ABEE-703477919747",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4356476-E1C4-4C72-9AE8-DA1AE541A654",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "638381FC-4AFF-47BF-B280-8C6A77FC6966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DB9D74-F831-4A2A-8B7A-692DDC21D627",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "40DDDE9D-8F3F-494D-8FD6-205CBFC5F8B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "767DF7D3-534F-4F18-8B59-4F1C9A7EA404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DDA21F2-B48C-41DB-958E-0DC3DA3C3B88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD2BD591-165A-4DF6-88CD-E1D6A7B67505",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CCB275D-8510-464B-BEC3-51A3D1A402C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "05D976E9-191B-4150-9339-56DB7E137641",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD197F74-96EC-4CBD-B21E-F703799A0B51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A063194-9A64-4FA3-AF00-856825028855",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.",
      },
      {
         lang: "es",
         value: "La función asn1_get_length_der en decoding.c en GNU libtasn1 antes de v2.12, tal y como se usa en GnuTLS antes de v3.0.16 y otros productos, no maneja adecuadamente ciertos valores de longitud demasiado grandes, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria en el montículo [heap] y caída de la aplicación) o posiblemente tener un impacto no especificado a través de una estructura ASN.1 específicamente elaborada para este fin.",
      },
   ],
   id: "CVE-2012-1569",
   lastModified: "2024-11-21T01:37:13.643",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-26T19:55:01.110",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932",
      },
      {
         source: "secalert@redhat.com",
         url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53",
      },
      {
         source: "secalert@redhat.com",
         url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
      },
      {
         source: "secalert@redhat.com",
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0427.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48397",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48488",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48505",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48578",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48596",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/49002",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/50739",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2012/dsa-2440",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/03/20/3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/03/20/8",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1026829",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1436-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0427.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48397",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48578",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/49002",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/50739",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2012/dsa-2440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/03/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/03/20/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1026829",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1436-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-20 14:15
Modified
2024-11-21 02:38
Summary
GnuTLS incorrectly validates the first byte of padding in CBC modes
References
cve@mitre.org http://www.debian.org/security/2015/dsa-3408 Third Party Advisory
cve@mitre.org http://www.securityfocus.com/archive/1/537012/100/0/threaded Third Party Advisory, VDB Entry
cve@mitre.org http://www.securityfocus.com/bid/78327 Third Party Advisory, VDB Entry
cve@mitre.org https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html Third Party Advisory
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313 Issue Tracking, Third Party Advisory
cve@mitre.org https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313 Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://security-tracker.debian.org/tracker/CVE-2015-8313 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2015/dsa-3408 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/537012/100/0/threaded Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/78327 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313 Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security-tracker.debian.org/tracker/CVE-2015-8313 Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C30D5FDF-10E2-42E3-8D48-3BC6BEB0EFE2",
                     versionEndIncluding: "2.12.24",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS incorrectly validates the first byte of padding in CBC modes",
      },
      {
         lang: "es",
         value: "GnuTLS comprueba incorrectamente el primer byte de relleno en los modos CBC",
      },
   ],
   id: "CVE-2015-8313",
   lastModified: "2024-11-21T02:38:16.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-20T14:15:11.523",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2015/dsa-3408",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/78327",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2015-8313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2015/dsa-3408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/78327",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2015-8313",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-04 15:15
Modified
2024-11-21 05:15
Summary
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html Mailing List, Third Party Advisory
cve@mitre.org https://gitlab.com/gnutls/gnutls/-/issues/1071 Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/
cve@mitre.org https://security.gentoo.org/glsa/202009-01 Third Party Advisory
cve@mitre.org https://security.netapp.com/advisory/ntap-20200911-0006/ Third Party Advisory
cve@mitre.org https://usn.ubuntu.com/4491-1/ Third Party Advisory
cve@mitre.org https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://gitlab.com/gnutls/gnutls/-/issues/1071 Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202009-01 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20200911-0006/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4491-1/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 Vendor Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3160C6D1-138F-42D8-832E-4C0EFE6A4A48",
                     versionEndExcluding: "3.6.15",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en GnuTLS versiones anteriores a 3.6.15. Un servidor puede desencadenar una desreferencia del puntero NULL en un cliente TLS versión 1.3, si una alerta no_renegotiation es enviada con una sincronización no prevista y luego se produce un segundo protocolo de enlace no válido. El bloqueo ocurre en la ruta de manejo de errores de la aplicación, donde la función gnutls_deinit es llamada después de detectar un fallo en el protocolo de enlace",
      },
   ],
   id: "CVE-2020-24659",
   lastModified: "2024-11-21T05:15:26.003",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-04T15:15:10.803",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1071",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202009-01",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200911-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4491-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1071",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202009-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200911-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4491-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-03-26 18:30
Modified
2024-11-21 01:12
Severity ?
Summary
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
secalert@redhat.com http://secunia.com/advisories/39127
secalert@redhat.com http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230 Exploit
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2010-0167.html
secalert@redhat.com http://www.securityfocus.com/bid/38959
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0713 Patch, Vendor Advisory
secalert@redhat.com http://www.vupen.com/english/advisories/2010/1054
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=573028 Exploit
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39127
af854a3a-2127-422b-91ae-364da2661108 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2010-0167.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/38959
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0713 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1054
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=573028 Exploit
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 1.0.16
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E314F586-A086-480E-9BB9-D75ADDF8416D",
                     versionEndIncluding: "1.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.",
      },
      {
         lang: "es",
         value: "La función gnutls_x509_crt_get_serial en la librería GnuTLS anterior a v1.2.1, cuando se está ejecutando sobre plataformas big-endian de 64-bit, llama a asn1_read_value con un puntero a un tipo de dato erróneo, y con una longitud errónea, lo que permite a atacantes remotos saltarse el control de la lista de certificados revocados (CRL) y provocar un desbordamiento de búfer basado en pila, a través de un certificado X.509 manipulado, relativo a la extracción de un número de serie.",
      },
   ],
   evaluatorSolution: "Per: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230\r\n\r\n\"Please note that the problem was solved for GnuTLS 1.2.1, released on\r\n2005-04-04.  Also, 32-bit platforms are not affected.  I have added\r\ninformation about this on\r\n\r\nhttp://www.gnu.org/software/gnutls/security.html\r\n\r\nso that it contains the complete list of known security flaws.  I'm\r\nusing the keyword GNUTLS-SA-2010-1 for this.\"",
   id: "CVE-2010-0731",
   lastModified: "2024-11-21T01:12:50.870",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-03-26T18:30:00.437",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/39127",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/38959",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0713",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2010/1054",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=573028",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/39127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/38959",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0713",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2010/1054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=573028",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
Impacted products
Vendor Product Version
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.",
      },
   ],
   id: "CVE-2005-1431",
   lastModified: "2024-11-20T23:57:20.197",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-03T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/15193",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1013861",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/16054",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-430.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/13477",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/15193",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013861",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/16054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-430.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/13477",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2024-11-21 00:45
Severity ?
Summary
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
References
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html [Exploit]
secalert@redhat.com http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
secalert@redhat.com http://secunia.com/advisories/30287
secalert@redhat.com http://secunia.com/advisories/30302
secalert@redhat.com http://secunia.com/advisories/30317
secalert@redhat.com http://secunia.com/advisories/30324
secalert@redhat.com http://secunia.com/advisories/30330
secalert@redhat.com http://secunia.com/advisories/30331
secalert@redhat.com http://secunia.com/advisories/30338
secalert@redhat.com http://secunia.com/advisories/30355
secalert@redhat.com http://secunia.com/advisories/31939
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200805-20.xml
secalert@redhat.com http://securityreason.com/securityalert/3902
secalert@redhat.com http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
secalert@redhat.com http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
secalert@redhat.com http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html [Exploit]
secalert@redhat.com http://www.debian.org/security/2008/dsa-1581
secalert@redhat.com http://www.kb.cert.org/vuls/id/111034 [US Government Resource]
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/1
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/2 [Patch]
secalert@redhat.com http://www.openwall.com/lists/oss-security/2008/05/20/3
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2008-0489.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2008-0492.html
secalert@redhat.com http://www.securityfocus.com/archive/1/492282/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/archive/1/492464/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/29292 [Patch]
secalert@redhat.com http://www.securitytracker.com/id?1020057
secalert@redhat.com http://www.ubuntu.com/usn/usn-613-1
secalert@redhat.com http://www.vupen.com/english/advisories/2008/1582/references
secalert@redhat.com http://www.vupen.com/english/advisories/2008/1583/references
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/42532
secalert@redhat.com https://issues.rpath.com/browse/RPL-2552
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html [Exploit]
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30287
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30302
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30317
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30324
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30330
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30331
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30338
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/30355
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31939
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200805-20.xml
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/3902
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
af854a3a-2127-422b-91ae-364da2661108 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
af854a3a-2127-422b-91ae-364da2661108 http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html [Exploit]
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1581
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/111034 [US Government Resource]
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/1
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/2 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2008/05/20/3
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0489.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2008-0492.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/492282/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/492464/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/29292 [Patch]
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1020057
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-613-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1582/references
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/1583/references
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/42532
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-2552
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
Impacted products
Vendor Product Version
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.13
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1
gnu gnutls 1.4.2
gnu gnutls 1.4.3
gnu gnutls 1.4.4
gnu gnutls 1.4.5
gnu gnutls 1.5.0
gnu gnutls 1.5.1
gnu gnutls 1.5.2
gnu gnutls 1.5.3
gnu gnutls 1.5.4
gnu gnutls 1.5.5
gnu gnutls 1.6.0
gnu gnutls 1.6.1
gnu gnutls 1.6.2
gnu gnutls 1.6.3
gnu gnutls 1.7.0
gnu gnutls 1.7.1
gnu gnutls 1.7.2
gnu gnutls 1.7.3
gnu gnutls 1.7.4
gnu gnutls 1.7.5
gnu gnutls 1.7.6
gnu gnutls 1.7.7
gnu gnutls 1.7.8
gnu gnutls 1.7.9
gnu gnutls 1.7.10
gnu gnutls 1.7.11
gnu gnutls 1.7.12
gnu gnutls 1.7.13
gnu gnutls 1.7.14
gnu gnutls 1.7.15
gnu gnutls 1.7.16
gnu gnutls 1.7.17
gnu gnutls 1.7.18
gnu gnutls 1.7.19
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E2C89DD-CDBD-4772-A031-089F32006D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5C952BF-A135-4B15-8A51-94D66B618469",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ADED309-0A25-478D-B542-96217A0DD63E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F714D22-873A-4D64-8151-86BB55EFD084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9181F9-50FF-4995-9554-022CF93376C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86C70F69-FB80-4F32-A798-71A5153E6C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A1E604-500E-4181-BF66-BB69C7C3F425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7073EAD-06C9-4309-B479-135021E82B99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "1895868E-E501-42C2-8450-EEED4447BAB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "199AA36A-3B23-438C-9109-CC9000372986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD6FFF05-37B2-4D69-86AF-921591382D21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "22802660-D33F-4683-B82F-C94AC6170A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5DBAF08-1441-4F14-A740-E90044B77042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D3B6684-3890-4B60-BE67-D06045A86B3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.",
      },
      {
         lang: "es",
         value: "La función _gnutls_server_name_recv_params de lib/ext_server_name.c en libgnutls de gnutls-serv en GnuTLS versiones anteriores a la 2.2.4, no calcula correctamente el número de Nombre de Servidor  en un mensaje Hello TLS 1.0 durante la gestión de extensiones, lo cual permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrariamente a través de un valor cero para la longitud de los Nombres de Servidores, lo que conlleva un desbordamiento de búfer en una sesión de reanudación de datos en la función pack_security_parameters, también conocida como GNUTLS-SA-2008-1-1.",
      },
   ],
   id: "CVE-2008-1948",
   lastModified: "2024-11-21T00:45:44.003",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-21T13:24:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30287",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30302",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30317",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30324",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30330",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30331",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30338",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/30355",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/31939",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securityreason.com/securityalert/3902",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
      },
      {
         source: "secalert@redhat.com",
         url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2008/dsa-1581",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/111034",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/29292",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id?1020057",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-613-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/1582/references",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/1583/references",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532",
      },
      {
         source: "secalert@redhat.com",
         url: "https://issues.rpath.com/browse/RPL-2552",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30324",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30330",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30338",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/31939",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/3902",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2008/dsa-1581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/111034",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/29292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-613-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1582/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1583/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-2552",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-11-09 17:30
Modified
2024-11-21 01:07
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
secalert@redhat.com | http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html | Broken Link
secalert@redhat.com | http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html | Third Party Advisory
secalert@redhat.com | http://blogs.iss.net/archive/sslmitmiscsrf.html | Broken Link
secalert@redhat.com | http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during | Third Party Advisory
secalert@redhat.com | http://clicky.me/tlsvuln | Exploit, Third Party Advisory
secalert@redhat.com | http://extendedsubset.com/?p=8 | Broken Link
secalert@redhat.com | http://extendedsubset.com/Renegotiating_TLS.pdf | Broken Link
secalert@redhat.com | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 | Broken Link
secalert@redhat.com | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 | Broken Link
secalert@redhat.com | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 | Broken Link
secalert@redhat.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link
secalert@redhat.com | http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | Broken Link
secalert@redhat.com | http://kbase.redhat.com/faq/docs/DOC-20491 | Third Party Advisory
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010//May/msg00001.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010//May/msg00002.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html | Third Party Advisory
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html | Third Party Advisory
secalert@redhat.com | http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=126150535619567&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=126150535619567&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=127128920008563&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=127128920008563&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=127419602507642&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=127419602507642&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=127557596201693&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=127557596201693&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=132077688910227&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=132077688910227&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=133469267822771&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=133469267822771&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=134254866602253&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=142660345230545&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=bugtraq&m=142660345230545&w=2 | Third Party Advisory
secalert@redhat.com | http://marc.info/?l=cryptography&m=125752275331877&w=2 | Third Party Advisory
secalert@redhat.com | http://openbsd.org/errata45.html#010_openssl | Third Party Advisory
secalert@redhat.com | http://openbsd.org/errata46.html#004_openssl | Third Party Advisory
secalert@redhat.com | http://osvdb.org/60521 | Broken Link
secalert@redhat.com | http://osvdb.org/60972 | Broken Link
secalert@redhat.com | http://osvdb.org/62210 | Broken Link
secalert@redhat.com | http://osvdb.org/65202 | Broken Link
secalert@redhat.com | http://seclists.org/fulldisclosure/2009/Nov/139 | Mailing List, Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37291 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37292 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37320 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37383 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37399 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37453 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37501 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37504 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37604 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37640 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37656 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37675 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/37859 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38003 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38020 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38056 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38241 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38484 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38687 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/38781 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39127 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39136 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39242 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39243 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39278 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39292 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39317 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39461 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/39500 | Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/39628Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/39632Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/39713Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/39819Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/40070Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/40545Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/40747Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/40866Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/41480Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/41490Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/41818Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/41967Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/41972Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42377Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42379Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42467Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42724Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42733Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42808Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42811Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42816Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/43308Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/44183Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/44954Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/48577Third Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200912-01.xmlThird Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
secalert@redhat.comhttp://securitytracker.com/id?1023148Third Party Advisory, VDB Entry
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446Third Party Advisory
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1Broken Link
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1Broken Link
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1Broken Link
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1Broken Link
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1Broken Link
secalert@redhat.comhttp://support.apple.com/kb/HT4004Third Party Advisory
secalert@redhat.comhttp://support.apple.com/kb/HT4170Third Party Advisory
secalert@redhat.comhttp://support.apple.com/kb/HT4171Third Party Advisory
secalert@redhat.comhttp://support.avaya.com/css/P8/documents/100070150Third Party Advisory
secalert@redhat.comhttp://support.avaya.com/css/P8/documents/100081611Third Party Advisory
secalert@redhat.comhttp://support.avaya.com/css/P8/documents/100114315Third Party Advisory
secalert@redhat.comhttp://support.avaya.com/css/P8/documents/100114327Third Party Advisory
secalert@redhat.comhttp://support.citrix.com/article/CTX123359Third Party Advisory
secalert@redhat.comhttp://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTESBroken Link
secalert@redhat.comhttp://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_releasedBroken Link
secalert@redhat.comhttp://sysoev.ru/nginx/patch.cve-2009-3555.txtBroken Link
secalert@redhat.comhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.htmlBroken Link
secalert@redhat.comhttp://ubuntu.com/usn/usn-923-1Third Party Advisory
secalert@redhat.comhttp://wiki.rpath.com/Advisories:rPSA-2009-0155Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IC67848Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IC68054Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IC68055Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1PM12247Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21426108Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21432298Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg24006386Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg24025312Third Party Advisory
secalert@redhat.comhttp://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=onlyThird Party Advisory
secalert@redhat.comhttp://www.arubanetworks.com/support/alerts/aid-020810.txtBroken Link
secalert@redhat.comhttp://www.betanews.com/article/1257452450Third Party Advisory
secalert@redhat.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2009/dsa-1934Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2141Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3253Third Party Advisory
secalert@redhat.comhttp://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.htmlThird Party Advisory
secalert@redhat.comhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.htmlThird Party Advisory
secalert@redhat.comhttp://www.ietf.org/mail-archive/web/tls/current/msg03928.htmlThird Party Advisory
secalert@redhat.comhttp://www.ietf.org/mail-archive/web/tls/current/msg03948.htmlThird Party Advisory
secalert@redhat.comhttp://www.ingate.com/Relnote.php?ver=481Third Party Advisory
secalert@redhat.comhttp://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995Third Party Advisory
secalert@redhat.comhttp://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995Third Party Advisory
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/120541Third Party Advisory, US Government Resource
secalert@redhat.comhttp://www.links.org/?p=780Third Party Advisory
secalert@redhat.comhttp://www.links.org/?p=786Third Party Advisory
secalert@redhat.comhttp://www.links.org/?p=789Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:076Broken Link
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:084Broken Link
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:089Broken Link
secalert@redhat.comhttp://www.mozilla.org/security/announce/2010/mfsa2010-22.htmlThird Party Advisory
secalert@redhat.comhttp://www.openoffice.org/security/cves/CVE-2009-3555.htmlThird Party Advisory
secalert@redhat.comhttp://www.openssl.org/news/secadv_20091111.txtThird Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/05/3Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/05/5Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/06/3Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/07/3Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/20/1Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/11/23/10Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.opera.com/docs/changelogs/unix/1060/Third Party Advisory
secalert@redhat.comhttp://www.opera.com/support/search/view/944/Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlThird Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlThird Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.htmlThird Party Advisory
secalert@redhat.comhttp://www.proftpd.org/docs/RELEASE_NOTES-1.3.2cBroken Link
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0119.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0130.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0155.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0165.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0167.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0337.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0338.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0339.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0768.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0770.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0786.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0807.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0865.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0986.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0987.htmlThird Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0880.htmlThird Party Advisory
secalert@redhat.comhttp://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/507952/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/archive/1/508075/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/archive/1/508130/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/archive/1/515055/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/archive/1/522176Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/archive/1/522176Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/36935Exploit, Patch, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023163Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023204Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023205Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023206Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023207Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023208Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023209Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023210Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023211Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023212Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023213Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023214Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023215Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023216Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023217Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023218Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023219Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023224Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023243Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023270Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023271Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023272Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023273Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023274Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023275Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023411Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023426Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023427Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1023428Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1024789Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.tombom.co.uk/blog/?p=85Broken Link
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1010-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-927-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-927-4Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-927-5Third Party Advisory
secalert@redhat.comhttp://www.us-cert.gov/cas/techalerts/TA10-222A.htmlThird Party Advisory, US Government Resource
secalert@redhat.comhttp://www.us-cert.gov/cas/techalerts/TA10-287A.htmlThird Party Advisory, US Government Resource
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2010-0019.htmlThird Party Advisory
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2011-0003.htmlThird Party Advisory
secalert@redhat.comhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlThird Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3164Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3165Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3205Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3220Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3310Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3313Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3353Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3354Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3484Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3521Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3587Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0086Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0173Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0748Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0848Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0916Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0933Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0982Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0994Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1054Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1107Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1191Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1350Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1639Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1673Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1793Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2010Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2745Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3069Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3086Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3126Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0032Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0033Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0086Third Party Advisory
secalert@redhat.comhttp://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.htmlExploit, Third Party Advisory
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=526689Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=545755Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=533125Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049Patch, Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/54158Third Party Advisory, VDB Entry
secalert@redhat.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888Third Party Advisory
secalert@redhat.comhttps://kb.bluecoat.com/index?page=content&id=SA50Third Party Advisory
secalert@redhat.comhttps://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366Third Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535Third Party Advisory
secalert@redhat.comhttps://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.htmlThird Party Advisory
secalert@redhat.comhttps://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txtThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://blogs.iss.net/archive/sslmitmiscsrf.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_duringThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://clicky.me/tlsvulnExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://extendedsubset.com/?p=8Broken Link
af854a3a-2127-422b-91ae-364da2661108http://extendedsubset.com/Renegotiating_TLS.pdfBroken Link
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686Broken Link
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686Broken Link
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041Broken Link
af854a3a-2127-422b-91ae-364da2661108http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751Broken Link
af854a3a-2127-422b-91ae-364da2661108http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751Broken Link
af854a3a-2127-422b-91ae-364da2661108http://kbase.redhat.com/faq/docs/DOC-20491Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//May/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//May/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126150535619567&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126150535619567&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127128920008563&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127128920008563&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127419602507642&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127419602507642&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127557596201693&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127557596201693&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=130497311408250&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=130497311408250&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=132077688910227&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=132077688910227&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133469267822771&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133469267822771&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134254866602253&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=142660345230545&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=142660345230545&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=cryptography&m=125752275331877&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openbsd.org/errata45.html#010_opensslThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openbsd.org/errata46.html#004_opensslThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/60521Broken Link
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/60972Broken Link
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/62210Broken Link
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/65202Broken Link
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2009/Nov/139Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37291Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37292Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37320Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37383Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37399Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37453Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37501Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37504Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37604Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37640Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37656Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37675Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37859Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38003Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38020Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38056Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38241Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38484Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38687Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38781Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39127Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39136Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39242Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39243Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39278Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39292Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39317Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39461Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39500Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39628Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39632Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39713Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39819Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40070Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40545Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40747Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40866Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41480Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41490Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41818Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41967Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41972Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42377Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42379Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42467Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42724Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42733Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42808Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42811Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42816Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43308Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44183Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44954Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48577Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200912-01.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023148Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4004Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4170Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4171Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100070150Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100081611Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100114315Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100114327Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.citrix.com/article/CTX123359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTESBroken Link
af854a3a-2127-422b-91ae-364da2661108http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_releasedBroken Link
af854a3a-2127-422b-91ae-364da2661108http://sysoev.ru/nginx/patch.cve-2009-3555.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-923-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2009-0155Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21426108Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21432298Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg24006386Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg24025312Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=onlyThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/support/alerts/aid-020810.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.betanews.com/article/1257452450Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1934Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2141Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3253Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ietf.org/mail-archive/web/tls/current/msg03928.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ietf.org/mail-archive/web/tls/current/msg03948.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ingate.com/Relnote.php?ver=481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/120541Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.links.org/?p=780Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.links.org/?p=786Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.links.org/?p=789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:076Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:084Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:089Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2010/mfsa2010-22.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/security/cves/CVE-2009-3555.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20091111.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/05/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/05/5Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/06/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/07/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/20/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/11/23/10Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.opera.com/docs/changelogs/unix/1060/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.opera.com/support/search/view/944/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2cBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0119.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0130.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0155.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0165.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0167.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0337.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0338.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0339.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0768.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0770.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0786.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0807.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0865.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0986.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0987.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0880.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507952/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508075/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508130/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/515055/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/522176Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/522176Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36935Exploit, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023163Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023204Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023205Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023206Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023207Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023208Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023209Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023210Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023211Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023212Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023213Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023214Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023215Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023216Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023217Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023218Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023219Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023224Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023243Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023270Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023271Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023272Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023273Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023274Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023275Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023411Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023426Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023427Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023428Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024789Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.tombom.co.uk/blog/?p=85Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1010-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-927-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-927-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-927-5Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-222A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3164Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3165Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3220Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3310Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3313Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3353Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3354Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3484Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3587Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0086Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0173Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0748Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0848Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0916Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0933Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0982Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0994Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1054Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1191Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1350Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1639Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1673Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1793Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2010Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2745Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3069Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3086Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3126Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0032Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0033Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0086Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=526689Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=545755Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=533125Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54158Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.bluecoat.com/index?page=content&id=SA50Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.htmlThird Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BD8600-0EF7-4612-B5C4-E327C0828479",
                     versionEndIncluding: "2.2.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38090AC3-C511-4C40-91A5-084CBEC11F34",
                     versionEndIncluding: "2.8.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "285433B6-03F9-495E-BACA-AA47A014411C",
                     versionEndIncluding: "3.12.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB35F63F-7856-42EE-87A6-7EC7F10C2032",
                     versionEndIncluding: "0.9.8k",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*",
                     matchCriteriaId: "718F8E8D-0940-4055-A948-96D25C79323B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "4747CC68-FAF4-482F-929A-9DA6C24CB663",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "87614B58-24AB-49FB-9C84-E8DDBA16353B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C757774-08E7-40AA-B532-6F705C8F7639",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44669D7-6C1E-4844-B78A-73E253A7CC17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2D59BD0-43DE-4E58-A057-640AB98359A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDE52846-24EC-4068-B788-EC7F915FFF11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "06B2E3E1-C2E0-4A4E-A84D-93C456E868E7",
                     versionEndIncluding: "0.8.22",
                     versionStartIncluding: "0.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",
      },
      {
         lang: "es",
         value: "El protocolo TLS y el protocolo SSL v3.0 y posiblemente versiones anteriores, tal y como se usa en Microsoft Internet Information Services (IIS) v7.0, mod_ssl en el servidor HTTP Apache v2.2.14 y anteriores, OpenSSL antes de v0.9.8l, GnuTLS v2.8.5 y anteriores, Mozilla Network Security Services (NSS) v3.12.4 y anteriores, múltiples productos de Cisco, y otros productos, no asocia apropiadamente las renegociaciones del handshake con una conexión existente, lo que permite ataques man-in-the-middle en los que el atacante inserta datos en sesiones HTTPS, y posiblemente otro tipo de sesiones protegidas por SSL o TLS, enviando una petición no autenticada que es procesada retroactivamente por un servidor en un contexto post-renegociación. Se trata de un ataque de \"inyección de texto plano\", también conocido como el problema del \"Proyecto Mogul\".",
      },
   ],
   id: "CVE-2009-3555",
   lastModified: "2024-11-21T01:07:38.960",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-11-09T17:30:00.407",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://blogs.iss.net/archive/sslmitmiscsrf.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "http://clicky.me/tlsvuln",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://extendedsubset.com/?p=8",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://extendedsubset.com/Renegotiating_TLS.pdf",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://kbase.redhat.com/faq/docs/DOC-20491",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=cryptography&m=125752275331877&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://openbsd.org/errata45.html#010_openssl",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://openbsd.org/errata46.html#004_openssl",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/60521",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/60972",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/62210",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/65202",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2009/Nov/139",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37291",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37292",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37320",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37383",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37399",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37453",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37501",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37504",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37604",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37640",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37656",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37675",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37859",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38003",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38020",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38056",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38241",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38484",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38687",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38781",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39127",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39136",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39242",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39243",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39278",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39292",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39317",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39461",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39500",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39628",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39632",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39713",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39819",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40545",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40747",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40866",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41480",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41490",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41818",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41967",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41972",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42377",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42379",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42467",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42724",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42733",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42808",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42811",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42816",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/43308",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/44183",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/44954",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/48577",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-201203-22.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-201406-32.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1023148",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT4004",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT4170",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT4171",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100070150",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100081611",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100114315",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100114327",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.citrix.com/article/CTX123359",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://sysoev.ru/nginx/patch.cve-2009-3555.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://ubuntu.com/usn/usn-923-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg24006386",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg24025312",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.arubanetworks.com/support/alerts/aid-020810.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.betanews.com/article/1257452450",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2009/dsa-1934",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2011/dsa-2141",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2015/dsa-3253",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ingate.com/Relnote.php?ver=481",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/120541",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.links.org/?p=780",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.links.org/?p=786",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.links.org/?p=789",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openoffice.org/security/cves/CVE-2009-3555.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openssl.org/news/secadv_20091111.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/05/3",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/05/5",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/06/3",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/07/3",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/20/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/23/10",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.opera.com/docs/changelogs/unix/1060/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.opera.com/support/search/view/944/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0119.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0130.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0155.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0165.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0337.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0338.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0339.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0768.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0770.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0786.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0807.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0865.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0986.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0987.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2011-0880.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/507952/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/508130/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/522176",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/522176",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36935",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023163",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023204",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023205",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023207",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023208",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023209",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023210",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023211",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023212",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023213",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023214",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023215",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023216",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023217",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023218",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023219",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023224",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023243",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023270",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023271",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023272",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023273",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023274",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023275",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023411",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023426",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023427",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023428",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1024789",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.tombom.co.uk/blog/?p=85",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1010-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-927-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-927-4",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-927-5",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA10-222A.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA10-287A.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3164",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3165",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3205",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3220",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3310",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3313",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3353",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3354",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3484",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3521",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3587",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0086",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0173",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0748",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0848",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0916",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0933",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0982",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0994",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1054",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1107",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1191",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1350",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1639",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1673",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1793",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/2010",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/2745",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3069",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3086",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3126",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0032",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0033",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0086",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=526689",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=545755",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://kb.bluecoat.com/index?page=content&id=SA50",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://blogs.iss.net/archive/sslmitmiscsrf.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "http://clicky.me/tlsvuln",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://extendedsubset.com/?p=8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://extendedsubset.com/Renegotiating_TLS.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://kbase.redhat.com/faq/docs/DOC-20491",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://marc.info/?l=cryptography&m=125752275331877&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://openbsd.org/errata45.html#010_openssl",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://openbsd.org/errata46.html#004_openssl",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/60521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/60972",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/62210",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/65202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2009/Nov/139",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37383",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37399",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37453",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37501",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37504",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37604",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37656",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37675",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37859",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38241",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38484",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38687",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/38781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39136",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39243",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39278",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39628",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39632",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39713",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/39819",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40545",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/40866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41480",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41490",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41818",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41967",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/41972",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42377",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42379",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42724",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42733",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42808",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42811",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/42816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/43308",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/44183",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/44954",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/48577",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-201203-22.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-201406-32.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1023148",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT4004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT4170",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.apple.com/kb/HT4171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100070150",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100081611",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100114315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.avaya.com/css/P8/documents/100114327",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://support.citrix.com/article/CTX123359",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sysoev.ru/nginx/patch.cve-2009-3555.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://ubuntu.com/usn/usn-923-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg24006386",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg24025312",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.arubanetworks.com/support/alerts/aid-020810.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.betanews.com/article/1257452450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2009/dsa-1934",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2011/dsa-2141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2015/dsa-3253",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ingate.com/Relnote.php?ver=481",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/120541",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.links.org/?p=780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.links.org/?p=786",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.links.org/?p=789",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openoffice.org/security/cves/CVE-2009-3555.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openssl.org/news/secadv_20091111.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/05/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/05/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/06/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/07/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/20/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2009/11/23/10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.opera.com/docs/changelogs/unix/1060/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.opera.com/support/search/view/944/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0119.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0130.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0155.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0165.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0337.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0338.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0339.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0768.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0770.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0786.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0807.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0865.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0986.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2010-0987.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2011-0880.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/507952/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/508130/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/522176",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/522176",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36935",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023204",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023205",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023207",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023208",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023209",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023210",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023212",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023213",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023214",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023215",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023216",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023219",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023224",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023243",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023270",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023271",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023272",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023273",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023411",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023426",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023427",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1023428",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1024789",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.tombom.co.uk/blog/?p=85",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1010-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-927-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-927-4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-927-5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA10-222A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA10-287A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3164",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3165",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3205",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3220",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3310",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3353",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3354",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3484",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/3587",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0173",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0748",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0933",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0982",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0994",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1107",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1350",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1639",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1673",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/1793",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/2010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/2745",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3069",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/3126",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0033",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2011/0086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=526689",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=545755",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://kb.bluecoat.com/index?page=content&id=SA50",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555\n\nAdditional information can be found in the Red Hat Knowledgebase article:\nhttp://kbase.redhat.com/faq/docs/DOC-20491",
         lastModified: "2009-11-20T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-08 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
cve@mitre.org http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html
cve@mitre.org http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html
cve@mitre.org http://openwall.com/lists/oss-security/2013/02/05/24
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2013-0588.html
cve@mitre.org http://secunia.com/advisories/57260
cve@mitre.org http://secunia.com/advisories/57274
cve@mitre.org http://www.gnutls.org/security.html#GNUTLS-SA-2013-1
cve@mitre.org http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
cve@mitre.org http://www.ubuntu.com/usn/USN-1752-1
cve@mitre.org https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0 Exploit, Patch
cve@mitre.org https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2013/02/05/24
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0588.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/57274
af854a3a-2127-422b-91ae-364da2661108 http://www.gnutls.org/security.html#GNUTLS-SA-2013-1
af854a3a-2127-422b-91ae-364da2661108 http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1752-1
af854a3a-2127-422b-91ae-364da2661108 https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198 Exploit, Patch
Impacted products
Vendor Product Version
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.7.4
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.2
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 2.12.15
gnu gnutls 2.12.16
gnu gnutls 2.12.17
gnu gnutls 2.12.18
gnu gnutls 2.12.19
gnu gnutls 2.12.20
gnu gnutls 2.12.21
gnu gnutls 2.12.22
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14
gnu gnutls 3.0.15
gnu gnutls 3.0.16
gnu gnutls 3.0.17
gnu gnutls 3.0.18
gnu gnutls 3.0.19
gnu gnutls 3.0.20
gnu gnutls 3.0.21
gnu gnutls 3.0.22
gnu gnutls 3.0.23
gnu gnutls 3.0.24
gnu gnutls 3.0.25
gnu gnutls 3.0.26
gnu gnutls 3.0.27
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D61596-01EB-4936-923B-63537625F926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "599EB59C-7717-47A8-84C6-78B6D79AEB02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "26E9005E-5034-43F2-B96E-7829E19FE3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F22BF4-A738-438B-8D0B-6993640F0D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF269AE-121B-4982-A765-5C7E806FA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C9F604-7FBE-4759-B039-8F5894574203",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "191821CD-E4CB-4269-B04C-284A9F9783B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A71474-958D-4689-A652-3E2A731F47FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38169043-17DF-4CF9-963A-8770B8882357",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4537676-A72E-4433-B44F-3664EDD6F240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D085B16-3116-423F-BDE0-2D93E12650A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51E0C88-B19C-408D-AC17-10CE7462D48A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC41482-B3BC-4C93-A850-73A179BAB763",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADC80BE1-28A6-4348-A061-8FD9C805E945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4704D411-7B24-4B1F-9D40-A39A178FF873",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3091701-9B7C-4494-A82E-6E6F64656D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "541BCA04-0500-4388-9140-55C17E17EB15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2097221B-46C2-480C-8D79-54080186BB58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A274912-B16F-4B91-8CC0-E5CEED04B678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5552C7B3-5D56-4858-B138-F49CD1F90513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA23D0EC-6014-4303-962A-1936EFCE3D16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA54B99-2FF1-432F-9587-8F384323CADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39F59B50-BC97-43B3-BC15-C767F420291E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B25626-7C72-4BAE-85FF-415A5F376A00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "31E092EF-D7F6-4160-B928-3C3EA1198B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "185A2FAD-5541-4439-924B-406BD33E6FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "854F260C-4C7D-4855-8644-4B6DC7CD5657",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "07E877F8-3623-4295-816F-7EE4FFDE1599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E711C7-37EE-4957-BD49-FA08103357BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B36918C-BB8D-4B8E-8868-7726C5ADD4FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "28795719-99A4-4DA3-AE98-4FDBEE320AAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "13A85219-2DF1-4F84-A8AC-C923F8F7AF1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CECB347D-51C9-4905-8035-61D5EE05D751",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "53C7F93C-6997-490C-988F-B58C26467265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAB96B-92C8-4D72-8BF0-5B9578549233",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0441F505-F28B-466F-8B68-E165154D3738",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FEAB490-9368-453F-8CA0-699FBC86BF01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "022F28CD-4D6B-48AB-8E39-244E19D34F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "16B5986E-1029-4D40-8012-1FF1615C929A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "45439989-0D3B-4DCE-AB35-B63B1543CD59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "14624E40-3CAA-45E5-BDF2-F08706FC68BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "E743ABC3-6F24-43E1-98E5-6F60BE975212",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDA000C-A616-402B-B964-D5F4ADB6B550",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "62789464-0074-4009-B97B-665A21E0CC25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "95A77487-3ABD-40F5-9C98-49A65ED7F16D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "3911F202-5E7B-4DE3-90D9-07278923036B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B6CF-3434-4874-9324-87D045511A13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*",
                     matchCriteriaId: "D97EAF12-679B-4494-871F-0074ABD0E20B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D91451B0-301B-430D-9D77-00F4AE91C10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "344CCDAD-64EC-419C-995B-51F922AB9E39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DB8FC4-F84A-47FD-9586-CF02761152A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "D57BDDEB-090D-472C-9FB6-4555429860E5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",
      },
      {
         lang: "es",
         value: "La implementación de TLS en GnuTLS antes de v2.12.23, v3.0.x antes de v3.0.28, y v3.1.x antes de v3.1.7 no tiene debidamente en cuenta los ataques de canal lateral de temporización sobre una operación de comprobación de MAC no conforme durante el procesamiento de relleno CBC malformado, lo que permite a atacantes remotos realizar ataques de distinción y ataques de recuperación de texto plano a través del análisis estadístico de datos de tiempo de paquetes manipulados, una cuestión relacionada con CVE-2013-0169.",
      },
   ],
   id: "CVE-2013-1619",
   lastModified: "2024-11-21T01:50:00.760",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-08T19:55:01.157",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://openwall.com/lists/oss-security/2013/02/05/24",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0588.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-1752-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2013/02/05/24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0588.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1752-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-08-14 18:59
Modified
2024-11-21 02:18
Summary
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Impacted products
Vendor Product Version
gnu gnutls *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0AB4B12-05D9-4428-8238-50A4C77AFADD",
                     versionEndIncluding: "2.9.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en GnuTLS en versiones anteriores a 2.9.10, no verifica las fechas de activación y expiración de certificados CA, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un certificado expedido por un certificado CA que (1) aún no es válido o (2) ya no es válido.",
      },
   ],
   id: "CVE-2014-8155",
   lastModified: "2024-11-21T02:18:40.533",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-14T18:59:01.347",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/73317",
      },
      {
         source: "secalert@redhat.com",
         url: "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c",
      },
      {
         source: "secalert@redhat.com",
         url: "https://support.f5.com/csp/article/K53330207",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/73317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.f5.com/csp/article/K53330207",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-17",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-24 15:59
Modified
2024-11-21 03:27
Summary
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
References
security@debian.org | http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html | Third Party Advisory
security@debian.org | http://rhn.redhat.com/errata/RHSA-2017-0574.html
security@debian.org | http://www.openwall.com/lists/oss-security/2017/01/10/7 | Mailing List, Patch, Third Party Advisory
security@debian.org | http://www.openwall.com/lists/oss-security/2017/01/11/4 | Mailing List, Patch, Third Party Advisory
security@debian.org | http://www.securityfocus.com/bid/95377 | Third Party Advisory, VDB Entry
security@debian.org | http://www.securitytracker.com/id/1037576 | Third Party Advisory, VDB Entry
security@debian.org | https://access.redhat.com/errata/RHSA-2017:2292
security@debian.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 | Issue Tracking, Patch, Third Party Advisory
security@debian.org | https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732 | Issue Tracking, Patch, Third Party Advisory
security@debian.org | https://gnutls.org/security.html#GNUTLS-SA-2017-2 | Vendor Advisory
security@debian.org | https://security.gentoo.org/glsa/201702-04 | Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0574.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/10/7 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/11/4 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95377 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037576 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2292
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gnutls.org/security.html#GNUTLS-SA-2017-2 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201702-04 | Patch, Third Party Advisory, Vendor Advisory
Impacted products
Vendor Product Version
opensuse leap 42.1
opensuse leap 42.2
gnu gnutls *
gnu gnutls 3.5.0
gnu gnutls 3.5.1
gnu gnutls 3.5.2
gnu gnutls 3.5.3
gnu gnutls 3.5.4
gnu gnutls 3.5.5
gnu gnutls 3.5.6
gnu gnutls 3.5.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCB1A63-F2CF-474F-AAF6-CE225C58B765",
                     versionEndIncluding: "3.3.25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434168D-05A8-4300-9069-C55566A5EAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "71805931-872A-4F1A-A8B4-82347C2EF90E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1A489C2-4824-4133-83E0-625AA454E959",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D38B82-82A7-4943-BE1C-77EC707289D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "850A1174-F1E7-47EA-AF71-FEB6C4379EDC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
      },
      {
         lang: "es",
         value: "El desbordamiento de búfer basado en la pila en la función cdk_pk_get_keyid en lib/opencdk/pubkey.c en GnuTLS en versiones anteriores a 3.3.26 y 3.5.x en versiones anteriores a 3.5.8 permite a atacantes remotos tener un impacto no especificado a través de un certificado OpenPGP manipulado.",
      },
   ],
   id: "CVE-2017-5336",
   lastModified: "2024-11-21T03:27:24.913",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-24T15:59:00.873",
   references: [
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "security@debian.org",
         url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95377",
      },
      {
         source: "security@debian.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "security@debian.org",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
      },
      {
         source: "security@debian.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
      },
      {
         source: "security@debian.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
      },
      {
         source: "security@debian.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95377",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201702-04",
      },
   ],
   sourceIdentifier: "security@debian.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-22 13:29
Modified
2024-11-21 03:42
Summary
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
References
secalert@redhat.com | http://www.securityfocus.com/bid/105138 | Third Party Advisory, VDB Entry
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3050 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3505 | Broken Link
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://eprint.iacr.org/2018/747 | Third Party Advisory
secalert@redhat.com | https://gitlab.com/gnutls/gnutls/merge_requests/657 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html | Mailing List, Third Party Advisory
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
secalert@redhat.com | https://usn.ubuntu.com/3999-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105138 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3050 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3505 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://eprint.iacr.org/2018/747 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/merge_requests/657 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3999-1/ | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECA0072D-DE2F-467F-9143-371A8CCB9000",
                     versionEndExcluding: "3.6.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.",
      },
      {
         lang: "es",
         value: "Se ha detectado que la implementación GnuTLS de HMAC-SHA-256 era vulnerable a un ataque de estilo Lucky Thirteen. Los atacantes remotos podrían utilizar este fallo para realizar ataques de distinción y de recuperación en texto plano mediante análisis estadísticos de datos temporales mediante paquetes manipulados.",
      },
   ],
   id: "CVE-2018-10844",
   lastModified: "2024-11-21T03:42:07.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-22T13:29:00.317",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105138",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3050",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3505",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://eprint.iacr.org/2018/747",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3999-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105138",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://eprint.iacr.org/2018/747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3999-1/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-385",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-28 12:15
Modified
2024-11-21 08:42
Summary
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
References
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0155
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0319
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0399
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0451
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0533
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1383
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2094
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-5981 | Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2248445 | Issue Tracking, Third Party Advisory
secalert@redhat.com | https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 | Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/19/3
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0155
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0319
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0399
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0451
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0533
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:1383
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:2094
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-5981 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2248445 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 | Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
Impacted products
Vendor Product Version
gnu gnutls 1.5.0
redhat linux 8.0
redhat linux 9.0
fedoraproject fedora 37
fedoraproject fedora 38



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00DE1208-BDDC-405B-A34A-B58D00A279DD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "038FEDE7-986F-4CA5-9003-BA68352B87D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en la que los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto.",
      },
   ],
   id: "CVE-2023-5981",
   lastModified: "2024-11-21T08:42:54.777",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-28T12:15:07.040",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0155",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0319",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0399",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0451",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0533",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:1383",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:2094",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-5981",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248445",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/01/19/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0319",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0399",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0451",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:1383",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:2094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-5981",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-11-13 01:00
Modified
2024-11-21 00:53
Summary
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
References
cve@mitre.org | http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 | Broken Link, Patch
cve@mitre.org | http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 | Broken Link
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | Mailing List
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html | Mailing List
cve@mitre.org | http://secunia.com/advisories/32619 | Broken Link, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/32681 | Broken Link
cve@mitre.org | http://secunia.com/advisories/32687 | Broken Link
cve@mitre.org | http://secunia.com/advisories/32879 | Broken Link
cve@mitre.org | http://secunia.com/advisories/33501 | Broken Link
cve@mitre.org | http://secunia.com/advisories/33694 | Broken Link
cve@mitre.org | http://secunia.com/advisories/35423 | Broken Link
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200901-10.xml | Third Party Advisory
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1 | Broken Link
cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2008-0322 | Broken Link
cve@mitre.org | http://www.debian.org/security/2009/dsa-1719 | Mailing List
cve@mitre.org | http://www.gnu.org/software/gnutls/security.html | Product
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:227 | Broken Link
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0982.html | Broken Link
cve@mitre.org | http://www.securityfocus.com/archive/1/498431/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org | http://www.securityfocus.com/bid/32232 | Broken Link, Patch, Third Party Advisory, VDB Entry
cve@mitre.org | http://www.securitytracker.com/id?1021167 | Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org | http://www.ubuntu.com/usn/usn-678-2 | Third Party Advisory
cve@mitre.org | http://www.vupen.com/english/advisories/2008/3086 | Broken Link
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1567 | Broken Link
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46482 | Third Party Advisory, VDB Entry
cve@mitre.org | https://issues.rpath.com/browse/RPL-2886 | Broken Link
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650 | Broken Link
cve@mitre.org | https://usn.ubuntu.com/678-1/ | Broken Link
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html | Mailing List
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 | Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32619 | Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32681 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32687 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32879 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33501 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33694 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35423 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200901-10.xml | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2008-0322 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1719 | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://www.gnu.org/software/gnutls/security.html | Product
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:227 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0982.html | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/498431/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32232 | Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021167 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-678-2 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/3086 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1567 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46482 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2886 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/678-1/ | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html | Mailing List



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CA85285-1376-4569-8EC1-66E1625E258D",
                     versionEndExcluding: "2.6.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
                     matchCriteriaId: "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
                     matchCriteriaId: "743CBBB1-C140-4FEF-B40E-FAE4511B1140",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
                     matchCriteriaId: "7EBFE35C-E243-43D1-883D-4398D71763CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "4747CC68-FAF4-482F-929A-9DA6C24CB663",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF141FBE-4CA5-4695-94A0-8BE1309D28CC",
                     versionEndIncluding: "11.1",
                     versionStartIncluding: "10.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "AED08A6F-CD23-4405-B1CF-C96BB8AE7D6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "1608E282-2E96-4447-848D-DBE915DB0EF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*",
                     matchCriteriaId: "38C3AEB0-59E2-400A-8943-60C0A223B680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
                     matchCriteriaId: "F13F07CC-739B-465C-9184-0E9D708BD4C7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).",
      },
      {
         lang: "es",
         value: "La función _gnutls_x509_verify_certificate en lib/x509/verify.c en libgnutls en GnuTLS antes de v2.6.1 confía en las cadenas de certificado en las que el último certificado es un certificado de confianza arbitraria, auto-firmado, lo que permite a atacantes de tipo \"hombre en el medio\" (man-in-the-middle) insertar un certificado falso para cualquier Distinguished Name(DN).",
      },
   ],
   id: "CVE-2008-4989",
   lastModified: "2024-11-21T00:53:00.790",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2008-11-13T01:00:01.177",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/32619",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/32681",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/32687",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/32879",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/33501",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/33694",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/35423",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200901-10.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://wiki.rpath.com/Advisories:rPSA-2008-0322",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.debian.org/security/2009/dsa-1719",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2008-0982.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/498431/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/32232",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1021167",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/usn-678-2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2008/3086",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2009/1567",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://issues.rpath.com/browse/RPL-2886",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://usn.ubuntu.com/678-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/32619",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/32681",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/32687",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/32879",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/33501",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/33694",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/35423",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200901-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://wiki.rpath.com/Advisories:rPSA-2008-0322",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.debian.org/security/2009/dsa-1719",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2008-0982.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/archive/1/498431/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/32232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1021167",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/usn-678-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2008/3086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2009/1567",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://issues.rpath.com/browse/RPL-2886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://usn.ubuntu.com/678-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-06-16 19:29
Modified
2024-11-21 03:32
Summary
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Impacted products
Vendor Product Version
gnu gnutls *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6117AAF1-2C27-4ED7-9C7A-F5A57FA2EC0A",
                     versionEndIncluding: "3.5.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.",
      },
      {
         lang: "es",
         value: "GnuTLS versión 3.5.12 y anteriores, es vulnerable a una desreferencia del puntero NULL durante la descodificación de una extensión TLS de respuesta de estado con contenido válido. Esto podría conllevar a un bloqueo de la aplicación del servidor GnuTLS.",
      },
   ],
   id: "CVE-2017-7507",
   lastModified: "2024-11-21T03:32:02.370",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-06-16T19:29:00.190",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2017/dsa-3884",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99102",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2017/dsa-3884",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99102",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-09-27 15:59
Modified
2024-11-21 02:58
Summary
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 3.5.0
gnu gnutls 3.5.1
gnu gnutls 3.5.2
gnu gnutls 3.5.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE2AE755-9003-4174-8F45-229FDE69B514",
                     versionEndIncluding: "3.4.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434168D-05A8-4300-9069-C55566A5EAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BACD6E9A-8CCA-44C3-AE54-BAABEAB5BB37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D6FA626-AEE9-4E3B-8BE4-3F2D46FF072D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA302AC-1DE9-4D36-94B2-BB4411E9BF53",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
      },
      {
         lang: "es",
         value: "La función gnutls_ocsp_resp_check_crt en lib/x509/ocsp.c en GnuTLS en versiones anteriores a 3.4.15 y 3.5.x en versiones anteriores a 3.5.4 no verifica la longitud de serie de una respuesta OCSP, lo que podría permitir a atacantes remotos eludir un mecanismo previsto de validación de certificados a través de vectores que involucran bytes finales dejados por gnutls_malloc.",
      },
   ],
   id: "CVE-2016-7444",
   lastModified: "2024-11-21T02:58:01.410",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-09-27T15:59:12.517",
   references: [
      {
         source: "security@debian.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "security@debian.org",
         url: "http://www.securityfocus.com/bid/92893",
      },
      {
         source: "security@debian.org",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "security@debian.org",
         tags: [
            "Patch",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
      },
      {
         source: "security@debian.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html",
      },
      {
         source: "security@debian.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/92893",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2017:2292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security.html",
      },
   ],
   sourceIdentifier: "security@debian.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-12-08 20:55
Modified
2024-11-21 01:31
Severity ?
Summary
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
References
secalert@redhat.com http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
secalert@redhat.com http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
secalert@redhat.com http://openwall.com/lists/oss-security/2011/11/09/2
secalert@redhat.com http://openwall.com/lists/oss-security/2011/11/09/4
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0429.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0488.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com http://secunia.com/advisories/48596
secalert@redhat.com http://secunia.com/advisories/48712
secalert@redhat.com http://www.gnu.org/software/gnutls/security.html
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2012:045
secalert@redhat.com http://www.ubuntu.com/usn/USN-1418-1
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=752308
af854a3a-2127-422b-91ae-364da2661108 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
af854a3a-2127-422b-91ae-364da2661108 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2011/11/09/2
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2011/11/09/4
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0429.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0488.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48596
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/48712
af854a3a-2127-422b-91ae-364da2661108 http://www.gnu.org/software/gnutls/security.html
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2012:045
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-1418-1
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=752308
Impacted products
Vendor Product Version
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA54B99-2FF1-432F-9587-8F384323CADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39F59B50-BC97-43B3-BC15-C767F420291E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B25626-7C72-4BAE-85FF-415A5F376A00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "31E092EF-D7F6-4160-B928-3C3EA1198B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "185A2FAD-5541-4439-924B-406BD33E6FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "854F260C-4C7D-4855-8644-4B6DC7CD5657",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "07E877F8-3623-4295-816F-7EE4FFDE1599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E711C7-37EE-4957-BD49-FA08103357BC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en la función gnutls_session_get_data en lib/gnutls_session.c en GnuTLS v2.12.x antes de v2.12.14 y v3.x antes de v3.0.7, cuando se utiliza en un cliente que realiza la reanudación de sesión no estándar, permite a los servidores remotos de TLS causar una denegación de servicio (caída de aplicación) a través de un SessionTicket grande.",
      },
   ],
   id: "CVE-2011-4128",
   lastModified: "2024-11-21T01:31:54.120",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-12-08T20:55:00.890",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596",
      },
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c",
      },
      {
         source: "secalert@redhat.com",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://openwall.com/lists/oss-security/2011/11/09/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://openwall.com/lists/oss-security/2011/11/09/4",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48596",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/48712",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1418-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=752308",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2011/11/09/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://openwall.com/lists/oss-security/2011/11/09/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/48712",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1418-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=752308",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-03-24 17:59
Modified
2024-11-21 02:22
Severity ?
Summary
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Impacted products
Vendor Product Version
gnu gnutls *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "566DEEC1-DA2F-43C7-AFE3-AC351CCA3795",
                     versionEndIncluding: "3.0.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.",
      },
      {
         lang: "es",
         value: "GnuTLS anterior a 3.1.0 no verifica que el algoritmo de firmas RSA PKCS #1 coincide con el algoritmo de firmas en el certificado, lo que permite a atacantes remotos realizar ataques de degradación a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-0282",
   lastModified: "2024-11-21T02:22:43.130",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-03-24T17:59:04.007",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2015/dsa-3191",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/73119",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securitytracker.com/id/1032148",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gnutls.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/73119",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1032148",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-22 13:29
Modified
2024-11-21 03:42
Summary
A cache-based side channel was found in the GnuTLS implementation that leads to plain text recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime+probe attack with a Lucky-13 attack to recover plain text using crafted packets.
References
secalert@redhat.com — http://www.securityfocus.com/bid/105138 — Third Party Advisory, VDB Entry
secalert@redhat.com — https://access.redhat.com/errata/RHSA-2018:3050 — Third Party Advisory
secalert@redhat.com — https://access.redhat.com/errata/RHSA-2018:3505 — Broken Link
secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846 — Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com — https://eprint.iacr.org/2018/747 — Third Party Advisory
secalert@redhat.com — https://gitlab.com/gnutls/gnutls/merge_requests/657 — Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com — https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html — Mailing List, Third Party Advisory
secalert@redhat.com — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
secalert@redhat.com — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
secalert@redhat.com — https://usn.ubuntu.com/3999-1/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/105138 — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2018:3050 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2018:3505 — Broken Link
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846 — Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://eprint.iacr.org/2018/747 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://gitlab.com/gnutls/gnutls/merge_requests/657 — Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
af854a3a-2127-422b-91ae-364da2661108 — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
af854a3a-2127-422b-91ae-364da2661108 — https://usn.ubuntu.com/3999-1/ — Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECA0072D-DE2F-467F-9143-371A8CCB9000",
                     versionEndExcluding: "3.6.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.",
      },
      {
         lang: "es",
         value: "Se ha detectado un canal lateral basado en memoria caché en la implementación GnuTLS que conduce a un ataque de recuperación de texto plano a través de una máquina virtual. Un atacante podría utilizar una combinación de un ataque \"Just in Time\" Prime+probe con un ataque Lucky-13 para recuperar texto plano usando paquetes manipulados.",
      },
   ],
   id: "CVE-2018-10846",
   lastModified: "2024-11-21T03:42:07.920",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 1.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 0.8,
            impactScore: 4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.1,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-22T13:29:00.627",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105138",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3050",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3505",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://eprint.iacr.org/2018/747",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3999-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/105138",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://eprint.iacr.org/2018/747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3999-1/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-385",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-01-06 01:55
Modified
2024-11-21 01:34
Severity ?
Summary
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.1-x86
gnu gnutls 2.10.2
gnu gnutls 2.10.2-x86
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.10.5-x86
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E54287A-6374-462C-B4AC-843298ED3E1C",
                     versionEndIncluding: "3.0.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D090B10-68F2-424D-8234-2A280AA96B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "23168B77-645D-4A2A-A6E3-7001104064A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D245A-D983-40AD-89A7-0EA00D38D570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7223691-225D-4649-B410-F41D2C489BA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "350A6845-77D6-4D63-A13C-5DAB55F98727",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D457688-987A-4059-AA58-D9BF19ABC48B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA20043D-EC85-4003-9E7B-27AB50F4E133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A2C47E-510D-4537-8F51-3763A73E8E52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4704D411-7B24-4B1F-9D40-A39A178FF873",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3091701-9B7C-4494-A82E-6E6F64656D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "541BCA04-0500-4388-9140-55C17E17EB15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2097221B-46C2-480C-8D79-54080186BB58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A274912-B16F-4B91-8CC0-E5CEED04B678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.1-x86:*:*:*:*:*:*:*",
                     matchCriteriaId: "C679AA53-3BFF-419B-968F-19C285920049",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.2-x86:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E776B44-557C-491C-88B2-A2B757E6D4B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5552C7B3-5D56-4858-B138-F49CD1F90513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA23D0EC-6014-4303-962A-1936EFCE3D16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.10.5-x86:*:*:*:*:*:*:*",
                     matchCriteriaId: "C10EE9B1-2B6B-47B1-A153-CC296385BB9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BA54B99-2FF1-432F-9587-8F384323CADE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39F59B50-BC97-43B3-BC15-C767F420291E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B25626-7C72-4BAE-85FF-415A5F376A00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "31E092EF-D7F6-4160-B928-3C3EA1198B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "185A2FAD-5541-4439-924B-406BD33E6FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "854F260C-4C7D-4855-8644-4B6DC7CD5657",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "07E877F8-3623-4295-816F-7EE4FFDE1599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E711C7-37EE-4957-BD49-FA08103357BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8150D656-9B13-49D0-9960-4C78E057AB26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0161F845-C5F4-4318-949A-499A4062FB78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42F577F-264C-4F8F-955A-67743965AB8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.",
      },
      {
         lang: "es",
         value: "La implementación DTLS en GnuTLS v3.0.10 y anteriores ejecuta código de gestión de errores sólo si existe una relación específica entre la longitud de relleno y el tamaño del texto cifrado, lo que facilita a los atacantes remotos recuperar parte del texto en claro a través de un ataque de temporización de canal lateral. Se trata de un problema relacionado con CVE-2011-4108.",
      },
   ],
   id: "CVE-2012-0390",
   lastModified: "2024-11-21T01:34:53.377",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-01-06T01:55:01.080",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.isg.rhul.ac.uk/~kp/dtls.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/57260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.isg.rhul.ac.uk/~kp/dtls.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-09-14 19:07
Modified
2024-11-21 00:16
Severity ?
Summary
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
References
secalert@redhat.com http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
secalert@redhat.com http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
secalert@redhat.com http://secunia.com/advisories/21937
secalert@redhat.com http://secunia.com/advisories/21942
secalert@redhat.com http://secunia.com/advisories/21973
secalert@redhat.com http://secunia.com/advisories/22049
secalert@redhat.com http://secunia.com/advisories/22080
secalert@redhat.com http://secunia.com/advisories/22084
secalert@redhat.com http://secunia.com/advisories/22097
secalert@redhat.com http://secunia.com/advisories/22226
secalert@redhat.com http://secunia.com/advisories/22992
secalert@redhat.com http://secunia.com/advisories/25762
secalert@redhat.com http://security.gentoo.org/glsa/glsa-200609-15.xml
secalert@redhat.com http://securitytracker.com/id?1016844
secalert@redhat.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
secalert@redhat.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
secalert@redhat.com http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
secalert@redhat.com http://www.debian.org/security/2006/dsa-1182
secalert@redhat.com http://www.gnu.org/software/gnutls/security.html (Patch)
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
secalert@redhat.com http://www.novell.com/linux/security/advisories/2006_23_sr.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2006-0680.html (Patch, Vendor Advisory)
secalert@redhat.com http://www.securityfocus.com/bid/20027
secalert@redhat.com http://www.ubuntu.com/usn/usn-348-1
secalert@redhat.com http://www.vupen.com/english/advisories/2006/3635
secalert@redhat.com http://www.vupen.com/english/advisories/2006/3899
secalert@redhat.com http://www.vupen.com/english/advisories/2007/2289
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/28953
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21937
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21942
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21973
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22049
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22080
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22084
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22097
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22226
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22992
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25762
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200609-15.xml
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1016844
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2006/dsa-1182
af854a3a-2127-422b-91ae-364da2661108 http://www.gnu.org/software/gnutls/security.html (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_23_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2006-0680.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/20027
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-348-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/3635
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/3899
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/2289
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/28953
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937
Impacted products
Vendor Product Version
gnu gnutls 1.0.17
gnu gnutls 1.0.18
gnu gnutls 1.0.19
gnu gnutls 1.0.20
gnu gnutls 1.0.21
gnu gnutls 1.0.22
gnu gnutls 1.0.23
gnu gnutls 1.0.24
gnu gnutls 1.0.25
gnu gnutls 1.1.14
gnu gnutls 1.1.15
gnu gnutls 1.1.16
gnu gnutls 1.1.17
gnu gnutls 1.1.18
gnu gnutls 1.1.19
gnu gnutls 1.1.20
gnu gnutls 1.1.21
gnu gnutls 1.1.22
gnu gnutls 1.1.23
gnu gnutls 1.2.0
gnu gnutls 1.2.1
gnu gnutls 1.2.2
gnu gnutls 1.2.3
gnu gnutls 1.2.4
gnu gnutls 1.2.5
gnu gnutls 1.2.6
gnu gnutls 1.2.7
gnu gnutls 1.2.8
gnu gnutls 1.2.8.1a1
gnu gnutls 1.2.9
gnu gnutls 1.2.10
gnu gnutls 1.2.11
gnu gnutls 1.3.0
gnu gnutls 1.3.1
gnu gnutls 1.3.2
gnu gnutls 1.3.3
gnu gnutls 1.3.4
gnu gnutls 1.3.5
gnu gnutls 1.4.0
gnu gnutls 1.4.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "754A0D19-A17A-4007-8355-497D14CFCBF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8140DBE1-8116-4051-9A57-07535586E0AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CC840D-AD01-4EE2-8652-06742A6286BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "84224A82-6D58-4000-A449-20C1632DAE85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "A466931C-769A-4A28-B072-10930CE655E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F621DC-7967-4D97-A562-02E7033C89C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "776E5481-399F-45BC-AD20-A18508B03916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D7F972-9128-4A4D-8508-B38CE2F155E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "54FE4766-32D0-491E-8C71-5B998C468142",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F980857-2364-466A-8366-BD017D242222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2E649D-5C45-4412-927B-E3EDCE07587C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "052B40C1-C29B-4189-9A45-DAE873AB716D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D05BC3-1315-4AC7-884D-41459272C94B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "738F29DA-9741-4BA5-B370-417443A3AC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "52173492-1031-4AA4-A600-6210581059D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB636C36-2884-4F66-B68A-4494AEAF90C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9200C3-0F46-4238-918B-38D95BF11547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B84A4F5-CED7-4633-913F-BE8235F68616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB6EC88-DCE0-439B-89CD-18229965849B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.",
      },
      {
         lang: "es",
         value: "verify.c en GnuTLS anterior a 1.4.4, cuando se usa una llave RSA con exponente 3, no maneja correctamente el exceso de datos en el campo digestAlgorithm.parameters al generar un hash, lo cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que es firmada por esa llave RSA y evita que GnuTLS verifique correctamente X.509 y otros certificados que utilicen PKCS; es una variante de CVE-2006-4339.",
      },
   ],
   id: "CVE-2006-4790",
   lastModified: "2024-11-21T00:16:46.053",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-09-14T19:07:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/21937",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/21942",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/21973",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22049",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22080",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22084",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22097",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22226",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22992",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/25762",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200609-15.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1016844",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2006/dsa-1182",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_23_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0680.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/20027",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-348-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2006/3635",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2006/3899",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2007/2289",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/21937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/21942",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/21973",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22049",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22084",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22097",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22226",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/25762",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200609-15.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1016844",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2006/dsa-1182",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.gnu.org/software/gnutls/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_23_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0680.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/20027",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-348-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/3635",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/3899",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
         lastModified: "2007-03-14T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-03 13:15
Modified
2024-11-21 04:58
Summary
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html | Third Party Advisory
cve@mitre.org | https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2 | Patch, Third Party Advisory
cve@mitre.org | https://gitlab.com/gnutls/gnutls/-/issues/960 | Issue Tracking, Patch, Third Party Advisory
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
cve@mitre.org | https://security.gentoo.org/glsa/202004-06 | Third Party Advisory
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200416-0002/ | Third Party Advisory
cve@mitre.org | https://usn.ubuntu.com/4322-1/ | Third Party Advisory
cve@mitre.org | https://www.debian.org/security/2020/dsa-4652 | Third Party Advisory
cve@mitre.org | https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/-/issues/960 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202004-06 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200416-0002/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4322-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4652 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 | Vendor Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFED3757-264B-4E8D-B6DD-4E0B47E3BCC1",
                     versionEndExcluding: "3.6.13",
                     versionStartIncluding: "3.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.",
      },
      {
         lang: "es",
         value: "GnuTLS versiones 3.6.x anteriores a 3.6.13, usa una criptografía incorrecta para DTLS. La primera versión afectada es 3.6.3 (16-07-2018) debido a un error en un commit del 06-10-2017. El cliente DTLS siempre usa 32 bytes \"\\0\" en lugar de un valor aleatorio y, por lo tanto, no contribuye con la aleatoriedad en una negociación DTLS. Esto rompe las garantías de seguridad del protocolo DTLS.",
      },
   ],
   id: "CVE-2020-11501",
   lastModified: "2024-11-21T04:58:01.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-03T13:15:13.170",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/960",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202004-06",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200416-0002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4322-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4652",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/960",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202004-06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200416-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4322-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2020/dsa-4652",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-330",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-12 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
References
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1922275 | Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com | https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210416-0005/ | Third Party Advisory
secalert@redhat.com | https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1922275 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210416-0005/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 | Vendor Advisory
Impacted products
Vendor Product Version
gnu gnutls *
redhat enterprise_linux 8.0
fedoraproject fedora 34



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66BC7206-28E1-4A23-9701-78ABEA79D0C5",
                     versionEndExcluding: "3.7.1",
                     versionStartIncluding: "3.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.",
      },
      {
         lang: "es",
         value: "Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en la función client_send_params en la biblioteca lib/ext/pre_shared_key.c puede conllevar a una corrupción en la memoria y otras potenciales consecuencias",
      },
   ],
   id: "CVE-2021-20232",
   lastModified: "2024-11-21T05:46:10.853",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-12T19:15:13.130",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-08 21:29
Modified
2024-11-21 02:52
Summary
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
Impacted products
Vendor Product Version
gnu gnutls 3.4.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:3.4.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BB87842-8AED-4110-807B-AD8BC3B840BE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.",
      },
      {
         lang: "es",
         value: "La variable de entorno \"GNUTLS_KEYLOGFILE\" en gnutls 3.4.12 permite que atacantes remotos sobrescriban y corrompan archivos arbitrarios en el sistema de archivos.",
      },
   ],
   id: "CVE-2016-4456",
   lastModified: "2024-11-21T02:52:15.107",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-08T21:29:00.407",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/07/6",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/07/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343505",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-05 20:55
Modified
2024-11-21 02:08
Severity ?
Summary
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
References
secalert@redhat.com | http://advisories.mageia.org/MGASA-2014-0247.html | Third Party Advisory
secalert@redhat.com | http://linux.oracle.com/errata/ELSA-2014-0594.html | Third Party Advisory
secalert@redhat.com | http://linux.oracle.com/errata/ELSA-2014-0596.html | Third Party Advisory
secalert@redhat.com | http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html | Patch, Vendor Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html | Mailing List, Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0594.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0596.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0687.html | Third Party Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0815.html | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/58591 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/58614 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59021 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59057 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/59408 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/60320 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/60415 | Third Party Advisory
secalert@redhat.com | http://secunia.com/advisories/61888 | Third Party Advisory
secalert@redhat.com | http://www.debian.org/security/2014/dsa-3056 | Third Party Advisory
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 | Third Party Advisory
secalert@redhat.com | http://www.novell.com/support/kb/doc.php?id=7015302 | Third Party Advisory
secalert@redhat.com | http://www.novell.com/support/kb/doc.php?id=7015303 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1102329 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0247.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://linux.oracle.com/errata/ELSA-2014-0594.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://linux.oracle.com/errata/ELSA-2014-0596.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0594.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0596.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0687.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0815.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58591 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58614 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59021 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59057 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59408 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60320 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60415 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61888 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-3056 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7015302 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/support/kb/doc.php?id=7015303 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1102329 | Issue Tracking, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77216B5D-E820-4137-B00F-0B66CD08EEE1",
                     versionEndExcluding: "3.5.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2350B15F-7A7A-4BCD-852D-F9999C61DEDF",
                     versionEndExcluding: "3.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37BA55FC-D350-4DEB-9802-40AF59C99E79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "A3A907A3-2A3A-46D4-8D75-914649877B65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
                     matchCriteriaId: "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
                     matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
                     matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
                     matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.",
      },
      {
         lang: "es",
         value: "Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue.",
      },
   ],
   id: "CVE-2014-3469",
   lastModified: "2024-11-21T02:08:10.027",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-05T20:55:06.347",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0247.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58591",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58614",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60320",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60415",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/61888",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3056",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0247.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/58614",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/59408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/60415",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/61888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.novell.com/support/kb/doc.php?id=7015303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-16 12:15
Modified
2024-11-21 08:46
Summary
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
References
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0533
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0627
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0796
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1082
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1108
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:1383
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2094
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-0553 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2258412 | Issue Tracking, Third Party Advisory
secalert@redhat.com | https://gitlab.com/gnutls/gnutls/-/issues/1522 | Exploit, Issue Tracking, Vendor Advisory
secalert@redhat.com | https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/19/3
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0533
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0627
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:0796
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:1082
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:1108
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:1383
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:2094
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2024-0553 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2258412 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnutls/gnutls/-/issues/1522 | Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html | Mailing List
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240202-0011/
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4950F54-4C00-423E-9483-239B4B907912",
                     versionEndExcluding: "3.8.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en GnuTLS. Los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. Este problema puede permitir que un atacante remoto realice un ataque de canal lateral de sincronización en el intercambio de claves RSA-PSK, lo que podría provocar la fuga de datos confidenciales. CVE-2024-0553 está designado como una resolución incompleta para CVE-2023-5981.",
      },
   ],
   id: "CVE-2024-0553",
   lastModified: "2024-11-21T08:46:51.507",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T12:15:45.557",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0533",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0627",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:0796",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:1082",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:1108",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:1383",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:2094",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-0553",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258412",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1522",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/01/19/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0627",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:0796",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:1082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:1108",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:1383",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:2094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-0553",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258412",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://gitlab.com/gnutls/gnutls/-/issues/1522",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240202-0011/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2011-4128
Vulnerability from cvelistv5
Published
2011-12-08 20:00
Modified
2024-08-07 00:01
Severity ?
Summary
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:01:51.259Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-1418-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1418-1",
               },
               {
                  name: "RHSA-2012:0531",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450",
               },
               {
                  name: "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2011/11/09/2",
               },
               {
                  name: "48712",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48712",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  name: "FEDORA-2012-4569",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=752308",
               },
               {
                  name: "RHSA-2012:0488",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
               },
               {
                  name: "48596",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48596",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c",
               },
               {
                  name: "MDVSA-2012:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045",
               },
               {
                  name: "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596",
               },
               {
                  name: "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2011/11/09/4",
               },
               {
                  name: "RHSA-2012:0429",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-11-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-28T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "USN-1418-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1418-1",
            },
            {
               name: "RHSA-2012:0531",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450",
            },
            {
               name: "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2011/11/09/2",
            },
            {
               name: "48712",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48712",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               name: "FEDORA-2012-4569",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=752308",
            },
            {
               name: "RHSA-2012:0488",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
            },
            {
               name: "48596",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48596",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c",
            },
            {
               name: "MDVSA-2012:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045",
            },
            {
               name: "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596",
            },
            {
               name: "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2011/11/09/4",
            },
            {
               name: "RHSA-2012:0429",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2011-4128",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-1418-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1418-1",
                  },
                  {
                     name: "RHSA-2012:0531",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450",
                  },
                  {
                     name: "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2011/11/09/2",
                  },
                  {
                     name: "48712",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48712",
                  },
                  {
                     name: "http://www.gnu.org/software/gnutls/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnu.org/software/gnutls/security.html",
                  },
                  {
                     name: "FEDORA-2012-4569",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=752308",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=752308",
                  },
                  {
                     name: "RHSA-2012:0488",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
                  },
                  {
                     name: "48596",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48596",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c",
                  },
                  {
                     name: "MDVSA-2012:045",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045",
                  },
                  {
                     name: "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596",
                  },
                  {
                     name: "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2011/11/09/4",
                  },
                  {
                     name: "RHSA-2012:0429",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2011-4128",
      datePublished: "2011-12-08T20:00:00",
      dateReserved: "2011-10-18T00:00:00",
      dateUpdated: "2024-08-07T00:01:51.259Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5337
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
Severity ?
Summary
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.701Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  name: "1037576",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037576",
               },
               {
                  name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
               },
               {
                  name: "openSUSE-SU-2017:0386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
               },
               {
                  name: "95372",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95372",
               },
               {
                  name: "RHSA-2017:0574",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
               },
               {
                  name: "GLSA-201702-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201702-04",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               name: "1037576",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037576",
            },
            {
               name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
            },
            {
               name: "openSUSE-SU-2017:0386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
            },
            {
               name: "95372",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95372",
            },
            {
               name: "RHSA-2017:0574",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
            },
            {
               name: "GLSA-201702-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201702-04",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2017-5337",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
                  },
                  {
                     name: "RHSA-2017:2292",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2292",
                  },
                  {
                     name: "1037576",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037576",
                  },
                  {
                     name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
                  },
                  {
                     name: "openSUSE-SU-2017:0386",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
                  },
                  {
                     name: "95372",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95372",
                  },
                  {
                     name: "RHSA-2017:0574",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
                  },
                  {
                     name: "GLSA-201702-04",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201702-04",
                  },
                  {
                     name: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
                     refsource: "CONFIRM",
                     url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a",
                  },
                  {
                     name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338",
                  },
                  {
                     name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2017-5337",
      datePublished: "2017-03-24T15:00:00",
      dateReserved: "2017-01-10T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.701Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-4989
Vulnerability from cvelistv5
Published
2008-11-13 00:00
Modified
2024-08-07 10:31
Severity ?
Summary
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
References
http://www.mandriva.com/security/advisories?name=MDVSA-2008:227 — vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/usn-678-2 — vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/33694 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200901-10.xml — vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0982.html — vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/678-1/ — vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/archive/1/498431/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 — mailing-list, x_refsource_MLIST
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217 — mailing-list, x_refsource_MLIST
http://wiki.rpath.com/Advisories:rPSA-2008-0322 — x_refsource_CONFIRM
http://secunia.com/advisories/32687 — third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html — vendor-advisory, x_refsource_FEDORA
http://www.gnu.org/software/gnutls/security.html — x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-2886 — x_refsource_CONFIRM
http://secunia.com/advisories/35423 — third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html — vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/32232 — vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1021167 — vdb-entry, x_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1 — vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/33501 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/32879 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1567 — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/32619 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/3086 — vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/32681 — third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html — vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650 — vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2009/dsa-1719 — vendor-advisory, x_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html — vendor-advisory, x_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/46482 — vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T10:31:28.318Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "MDVSA-2008:227",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227",
               },
               {
                  name: "USN-678-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-678-2",
               },
               {
                  name: "33694",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33694",
               },
               {
                  name: "GLSA-200901-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200901-10.xml",
               },
               {
                  name: "RHSA-2008:0982",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0982.html",
               },
               {
                  name: "USN-678-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/678-1/",
               },
               {
                  name: "20081117 rPSA-2008-0322-1 gnutls",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/498431/100/0/threaded",
               },
               {
                  name: "[gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215",
               },
               {
                  name: "[gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/Advisories:rPSA-2008-0322",
               },
               {
                  name: "32687",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32687",
               },
               {
                  name: "FEDORA-2008-9600",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-2886",
               },
               {
                  name: "35423",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35423",
               },
               {
                  name: "SUSE-SR:2008:027",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
               },
               {
                  name: "32232",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/32232",
               },
               {
                  name: "1021167",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1021167",
               },
               {
                  name: "260528",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1",
               },
               {
                  name: "33501",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33501",
               },
               {
                  name: "32879",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32879",
               },
               {
                  name: "ADV-2009-1567",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1567",
               },
               {
                  name: "32619",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32619",
               },
               {
                  name: "ADV-2008-3086",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/3086",
               },
               {
                  name: "32681",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32681",
               },
               {
                  name: "SUSE-SR:2009:009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11650",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650",
               },
               {
                  name: "DSA-1719",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1719",
               },
               {
                  name: "FEDORA-2008-9530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html",
               },
               {
                  name: "gnutls-x509-name-spoofing(46482)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-11-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-11T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "MDVSA-2008:227",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227",
            },
            {
               name: "USN-678-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-678-2",
            },
            {
               name: "33694",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33694",
            },
            {
               name: "GLSA-200901-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200901-10.xml",
            },
            {
               name: "RHSA-2008:0982",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0982.html",
            },
            {
               name: "USN-678-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/678-1/",
            },
            {
               name: "20081117 rPSA-2008-0322-1 gnutls",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/498431/100/0/threaded",
            },
            {
               name: "[gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215",
            },
            {
               name: "[gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/Advisories:rPSA-2008-0322",
            },
            {
               name: "32687",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32687",
            },
            {
               name: "FEDORA-2008-9600",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-2886",
            },
            {
               name: "35423",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35423",
            },
            {
               name: "SUSE-SR:2008:027",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
            },
            {
               name: "32232",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/32232",
            },
            {
               name: "1021167",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1021167",
            },
            {
               name: "260528",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1",
            },
            {
               name: "33501",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33501",
            },
            {
               name: "32879",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32879",
            },
            {
               name: "ADV-2009-1567",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1567",
            },
            {
               name: "32619",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32619",
            },
            {
               name: "ADV-2008-3086",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/3086",
            },
            {
               name: "32681",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32681",
            },
            {
               name: "SUSE-SR:2009:009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
            },
            {
               name: "oval:org.mitre.oval:def:11650",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650",
            },
            {
               name: "DSA-1719",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1719",
            },
            {
               name: "FEDORA-2008-9530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html",
            },
            {
               name: "gnutls-x509-name-spoofing(46482)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-4989",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "MDVSA-2008:227",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:227",
                  },
                  {
                     name: "USN-678-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-678-2",
                  },
                  {
                     name: "33694",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/33694",
                  },
                  {
                     name: "GLSA-200901-10",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200901-10.xml",
                  },
                  {
                     name: "RHSA-2008:0982",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0982.html",
                  },
                  {
                     name: "USN-678-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/678-1/",
                  },
                  {
                     name: "20081117 rPSA-2008-0322-1 gnutls",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/498431/100/0/threaded",
                  },
                  {
                     name: "[gnutls-devel] 20081110 GnuTLS 2.6.1 - Security release [GNUTLS-SA-2008-3]",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215",
                  },
                  {
                     name: "[gnutls-devel] 20081110 Analysis of vulnerability GNUTLS-SA-2008-3 CVE-2008-4989",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217",
                  },
                  {
                     name: "http://wiki.rpath.com/Advisories:rPSA-2008-0322",
                     refsource: "CONFIRM",
                     url: "http://wiki.rpath.com/Advisories:rPSA-2008-0322",
                  },
                  {
                     name: "32687",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32687",
                  },
                  {
                     name: "FEDORA-2008-9600",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html",
                  },
                  {
                     name: "http://www.gnu.org/software/gnutls/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnu.org/software/gnutls/security.html",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-2886",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-2886",
                  },
                  {
                     name: "35423",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/35423",
                  },
                  {
                     name: "SUSE-SR:2008:027",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html",
                  },
                  {
                     name: "32232",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/32232",
                  },
                  {
                     name: "1021167",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1021167",
                  },
                  {
                     name: "260528",
                     refsource: "SUNALERT",
                     url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1",
                  },
                  {
                     name: "33501",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/33501",
                  },
                  {
                     name: "32879",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32879",
                  },
                  {
                     name: "ADV-2009-1567",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/1567",
                  },
                  {
                     name: "32619",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32619",
                  },
                  {
                     name: "ADV-2008-3086",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/3086",
                  },
                  {
                     name: "32681",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32681",
                  },
                  {
                     name: "SUSE-SR:2009:009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11650",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11650",
                  },
                  {
                     name: "DSA-1719",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2009/dsa-1719",
                  },
                  {
                     name: "FEDORA-2008-9530",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html",
                  },
                  {
                     name: "gnutls-x509-name-spoofing(46482)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46482",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-4989",
      datePublished: "2008-11-13T00:00:00",
      dateReserved: "2008-11-06T00:00:00",
      dateUpdated: "2024-08-07T10:31:28.318Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-2531
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
References
http://securitytracker.com/id?1010838 - vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/8278 - vdb-entry, x_refsource_OSVDB
http://www.hornik.sk/SA/SA-20040802.txt - x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/16858 - vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/10839 - vdb-entry, x_refsource_BID
http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html - mailing-list, x_refsource_MLIST
http://secunia.com/advisories/12156 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:29:13.816Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1010838",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1010838",
               },
               {
                  name: "8278",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/8278",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.hornik.sk/SA/SA-20040802.txt",
               },
               {
                  name: "gnutls-rsa-key-size-dos(16858)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858",
               },
               {
                  name: "10839",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/10839",
               },
               {
                  name: "[gnutls-dev] 20040802 gnutls 1.0.17",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html",
               },
               {
                  name: "12156",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12156",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1010838",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1010838",
            },
            {
               name: "8278",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/8278",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.hornik.sk/SA/SA-20040802.txt",
            },
            {
               name: "gnutls-rsa-key-size-dos(16858)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858",
            },
            {
               name: "10839",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/10839",
            },
            {
               name: "[gnutls-dev] 20040802 gnutls 1.0.17",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html",
            },
            {
               name: "12156",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12156",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-2531",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1010838",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1010838",
                  },
                  {
                     name: "8278",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/8278",
                  },
                  {
                     name: "http://www.hornik.sk/SA/SA-20040802.txt",
                     refsource: "MISC",
                     url: "http://www.hornik.sk/SA/SA-20040802.txt",
                  },
                  {
                     name: "gnutls-rsa-key-size-dos(16858)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858",
                  },
                  {
                     name: "10839",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/10839",
                  },
                  {
                     name: "[gnutls-dev] 20040802 gnutls 1.0.17",
                     refsource: "MLIST",
                     url: "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html",
                  },
                  {
                     name: "12156",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12156",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-2531",
      datePublished: "2005-10-25T04:00:00",
      dateReserved: "2005-10-25T00:00:00",
      dateUpdated: "2024-08-08T01:29:13.816Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-7239
Vulnerability from cvelistv5
Published
2010-05-24 19:00
Modified
2024-08-07 20:57
Severity ?
Summary
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T20:57:41.045Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  name: "[gnutls-dev] 20060812 GnuTLS 1.4.2",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html",
               },
               {
                  name: "[gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-05-24T19:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               name: "[gnutls-dev] 20060812 GnuTLS 1.4.2",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001192.html",
            },
            {
               name: "[gnutls-dev] 20060812 Re: [Fwd: crash in GNUTLS-1.4.0]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2006-7239",
      datePublished: "2010-05-24T19:00:00Z",
      dateReserved: "2010-05-24T00:00:00Z",
      dateUpdated: "2024-08-07T20:57:41.045Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3467
Vulnerability from cvelistv5
Published
2014-06-05 20:00
Modified
2024-08-06 10:43
Severity ?
Summary
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
References
http://secunia.com/advisories/60320 - third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3056 - vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/support/kb/doc.php?id=7015302 - x_refsource_CONFIRM
http://secunia.com/advisories/59057 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html - vendor-advisory, x_refsource_SUSE
http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html - x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-0596.html - x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 - vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59021 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61888 - third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0247.html - x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0815.html - vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-0596.html - vendor-advisory, x_refsource_REDHAT
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html - mailing-list, x_refsource_MLIST
http://www.novell.com/support/kb/doc.php?id=7015303 - x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-0594.html - x_refsource_CONFIRM
http://secunia.com/advisories/58591 - third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0687.html - vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/58614 - third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1102022 - x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html - vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0594.html - vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60415 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59408 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.499Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "60320",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60320",
               },
               {
                  name: "DSA-3056",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3056",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015302",
               },
               {
                  name: "59057",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59057",
               },
               {
                  name: "SUSE-SU-2014:0758",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
               },
               {
                  name: "MDVSA-2015:116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
               },
               {
                  name: "59021",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59021",
               },
               {
                  name: "61888",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61888",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0247.html",
               },
               {
                  name: "RHSA-2014:0815",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
               },
               {
                  name: "RHSA-2014:0596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
               },
               {
                  name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015303",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
               },
               {
                  name: "58591",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58591",
               },
               {
                  name: "RHSA-2014:0687",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
               },
               {
                  name: "58614",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58614",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
               },
               {
                  name: "SUSE-SU-2014:0788",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
               },
               {
                  name: "RHSA-2014:0594",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
               },
               {
                  name: "60415",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60415",
               },
               {
                  name: "59408",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59408",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-28T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "60320",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60320",
            },
            {
               name: "DSA-3056",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3056",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015302",
            },
            {
               name: "59057",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59057",
            },
            {
               name: "SUSE-SU-2014:0758",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
            },
            {
               name: "MDVSA-2015:116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
            },
            {
               name: "59021",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59021",
            },
            {
               name: "61888",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61888",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0247.html",
            },
            {
               name: "RHSA-2014:0815",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
            },
            {
               name: "RHSA-2014:0596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
            },
            {
               name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015303",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
            },
            {
               name: "58591",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58591",
            },
            {
               name: "RHSA-2014:0687",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
            },
            {
               name: "58614",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58614",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
            },
            {
               name: "SUSE-SU-2014:0788",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
            },
            {
               name: "RHSA-2014:0594",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
            },
            {
               name: "60415",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60415",
            },
            {
               name: "59408",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59408",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-3467",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "60320",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60320",
                  },
                  {
                     name: "DSA-3056",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3056",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015302",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015302",
                  },
                  {
                     name: "59057",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59057",
                  },
                  {
                     name: "SUSE-SU-2014:0758",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
                  },
                  {
                     name: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                     refsource: "CONFIRM",
                     url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  },
                  {
                     name: "MDVSA-2015:116",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
                  },
                  {
                     name: "59021",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59021",
                  },
                  {
                     name: "61888",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61888",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0247.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0247.html",
                  },
                  {
                     name: "RHSA-2014:0815",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
                  },
                  {
                     name: "RHSA-2014:0596",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
                  },
                  {
                     name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015303",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015303",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  },
                  {
                     name: "58591",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58591",
                  },
                  {
                     name: "RHSA-2014:0687",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
                  },
                  {
                     name: "58614",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58614",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
                  },
                  {
                     name: "SUSE-SU-2014:0788",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
                  },
                  {
                     name: "RHSA-2014:0594",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
                  },
                  {
                     name: "60415",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60415",
                  },
                  {
                     name: "59408",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59408",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3467",
      datePublished: "2014-06-05T20:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.499Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0361
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2024-08-02 05:10
Severity ?
Summary
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, the attacker would need to send a large number of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Impacted products
Vendor Product Version
n/a gnutls Version: gnutls-3.7.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:10:55.597Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2023-0361",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tlsfuzzer/tlsfuzzer/pull/679",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/issues/1050",
               },
               {
                  name: "[debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html",
               },
               {
                  name: "FEDORA-2023-1c4a6a47ae",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/",
               },
               {
                  name: "FEDORA-2023-5b378b82b3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/",
               },
               {
                  name: "FEDORA-2023-4fc4c33f2b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230324-0005/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230725-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "gnutls-3.7.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "side-channel",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-25T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://access.redhat.com/security/cve/CVE-2023-0361",
            },
            {
               url: "https://github.com/tlsfuzzer/tlsfuzzer/pull/679",
            },
            {
               url: "https://gitlab.com/gnutls/gnutls/-/issues/1050",
            },
            {
               name: "[debian-lts-announce] 20230218 [SECURITY] [DLA 3321-1] gnutls28 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html",
            },
            {
               name: "FEDORA-2023-1c4a6a47ae",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/",
            },
            {
               name: "FEDORA-2023-5b378b82b3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/",
            },
            {
               name: "FEDORA-2023-4fc4c33f2b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230324-0005/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230725-0005/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2023-0361",
      datePublished: "2023-02-15T00:00:00",
      dateReserved: "2023-01-18T00:00:00",
      dateUpdated: "2024-08-02T05:10:55.597Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5334
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
Severity ?
Summary
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.773Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  name: "1037576",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037576",
               },
               {
                  name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gnutls.org/security.html#GNUTLS-SA-2017-1",
               },
               {
                  name: "openSUSE-SU-2017:0386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
               },
               {
                  name: "95370",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95370",
               },
               {
                  name: "GLSA-201702-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201702-04",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               name: "1037576",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037576",
            },
            {
               name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gnutls.org/security.html#GNUTLS-SA-2017-1",
            },
            {
               name: "openSUSE-SU-2017:0386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
            },
            {
               name: "95370",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95370",
            },
            {
               name: "GLSA-201702-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201702-04",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2017-5334",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
                  },
                  {
                     name: "RHSA-2017:2292",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2292",
                  },
                  {
                     name: "1037576",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037576",
                  },
                  {
                     name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
                  },
                  {
                     name: "https://gnutls.org/security.html#GNUTLS-SA-2017-1",
                     refsource: "CONFIRM",
                     url: "https://gnutls.org/security.html#GNUTLS-SA-2017-1",
                  },
                  {
                     name: "openSUSE-SU-2017:0386",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
                  },
                  {
                     name: "95370",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95370",
                  },
                  {
                     name: "GLSA-201702-04",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201702-04",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2017-5334",
      datePublished: "2017-03-24T15:00:00",
      dateReserved: "2017-01-10T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.773Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5336
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
Severity ?
Summary
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.805Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
               },
               {
                  name: "95377",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95377",
               },
               {
                  name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  name: "1037576",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037576",
               },
               {
                  name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
               },
               {
                  name: "openSUSE-SU-2017:0386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
               },
               {
                  name: "RHSA-2017:0574",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
               },
               {
                  name: "GLSA-201702-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201702-04",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
            },
            {
               name: "95377",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95377",
            },
            {
               name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               name: "1037576",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037576",
            },
            {
               name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
            },
            {
               name: "openSUSE-SU-2017:0386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
            },
            {
               name: "RHSA-2017:0574",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
            },
            {
               name: "GLSA-201702-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201702-04",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2017-5336",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
                  },
                  {
                     name: "95377",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95377",
                  },
                  {
                     name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
                  },
                  {
                     name: "RHSA-2017:2292",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2292",
                  },
                  {
                     name: "1037576",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037576",
                  },
                  {
                     name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
                  },
                  {
                     name: "openSUSE-SU-2017:0386",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
                  },
                  {
                     name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
                  },
                  {
                     name: "RHSA-2017:0574",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
                  },
                  {
                     name: "GLSA-201702-04",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201702-04",
                  },
                  {
                     name: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
                     refsource: "CONFIRM",
                     url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2017-5336",
      datePublished: "2017-03-24T15:00:00",
      dateReserved: "2017-01-10T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.805Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-3308
Vulnerability from cvelistv5
Published
2015-09-02 14:00
Modified
2024-08-06 05:39
Severity ?
Summary
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T05:39:32.140Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2015-5131",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html",
               },
               {
                  name: "[oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/04/16/6",
               },
               {
                  name: "USN-2727-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2727-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4",
               },
               {
                  name: "74188",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74188",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9",
               },
               {
                  name: "[oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/04/15/6",
               },
               {
                  name: "GLSA-201506-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201506-03",
               },
               {
                  name: "1033774",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1033774",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-03-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-20T16:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "FEDORA-2015-5131",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html",
            },
            {
               name: "[oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/04/16/6",
            },
            {
               name: "USN-2727-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2727-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4",
            },
            {
               name: "74188",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74188",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9",
            },
            {
               name: "[oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/04/15/6",
            },
            {
               name: "GLSA-201506-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201506-03",
            },
            {
               name: "1033774",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1033774",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-3308",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "FEDORA-2015-5131",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html",
                  },
                  {
                     name: "[oss-security] 20150416 Re: double-free in gnutls (CRL distribution points parsing)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/04/16/6",
                  },
                  {
                     name: "USN-2727-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2727-1",
                  },
                  {
                     name: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-4",
                  },
                  {
                     name: "74188",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/74188",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9",
                  },
                  {
                     name: "[oss-security] 20150415 double-free in gnutls (CRL distribution points parsing)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/04/15/6",
                  },
                  {
                     name: "GLSA-201506-03",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201506-03",
                  },
                  {
                     name: "1033774",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1033774",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-3308",
      datePublished: "2015-09-02T14:00:00",
      dateReserved: "2015-04-16T00:00:00",
      dateUpdated: "2024-08-06T05:39:32.140Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2730
Vulnerability from cvelistv5
Published
2009-08-12 10:00
Modified
2024-08-07 05:59
Severity ?
Summary
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:59:57.016Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:8409",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409",
               },
               {
                  name: "1022777",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022777",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
               },
               {
                  name: "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/08/14/6",
               },
               {
                  name: "RHSA-2009:1232",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2009-1232.html",
               },
               {
                  name: "SUSE-SR:2009:015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html",
               },
               {
                  name: "36496",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36496",
               },
               {
                  name: "oval:org.mitre.oval:def:10778",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778",
               },
               {
                  name: "36266",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36266",
               },
               {
                  name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
               },
               {
                  name: "gnutls-cn-san-security-bypass(52404)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404",
               },
               {
                  name: "RHSA-2010:0095",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.network.gnutls.general/1733",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "libgnutls in GnuTLS before 2.8.2 does not properly handle a '\\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:8409",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409",
            },
            {
               name: "1022777",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022777",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            },
            {
               name: "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/08/14/6",
            },
            {
               name: "RHSA-2009:1232",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2009-1232.html",
            },
            {
               name: "SUSE-SR:2009:015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html",
            },
            {
               name: "36496",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36496",
            },
            {
               name: "oval:org.mitre.oval:def:10778",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778",
            },
            {
               name: "36266",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36266",
            },
            {
               name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
            },
            {
               name: "gnutls-cn-san-security-bypass(52404)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404",
            },
            {
               name: "RHSA-2010:0095",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://article.gmane.org/gmane.network.gnutls.general/1733",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-2730",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "libgnutls in GnuTLS before 2.8.2 does not properly handle a '\\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:8409",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409",
                  },
                  {
                     name: "1022777",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022777",
                  },
                  {
                     name: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  },
                  {
                     name: "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2009/08/14/6",
                  },
                  {
                     name: "RHSA-2009:1232",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2009-1232.html",
                  },
                  {
                     name: "SUSE-SR:2009:015",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html",
                  },
                  {
                     name: "36496",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36496",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10778",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778",
                  },
                  {
                     name: "36266",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36266",
                  },
                  {
                     name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
                  },
                  {
                     name: "gnutls-cn-san-security-bypass(52404)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404",
                  },
                  {
                     name: "RHSA-2010:0095",
                     refsource: "REDHAT",
                     url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
                  },
                  {
                     name: "http://article.gmane.org/gmane.network.gnutls.general/1733",
                     refsource: "CONFIRM",
                     url: "http://article.gmane.org/gmane.network.gnutls.general/1733",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-2730",
      datePublished: "2009-08-12T10:00:00",
      dateReserved: "2009-08-10T00:00:00",
      dateUpdated: "2024-08-07T05:59:57.016Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-0553
Vulnerability from cvelistv5
Published
2024-01-16 11:40
Modified
2024-11-23 00:10
Summary
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Impacted products
Vendor Product Version
gnutls Version: 3.8.0   < 3.8.3 (affected)
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9.1   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9.1   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
    cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.3   < *
    cpe:/a:redhat:rhel_eus:8.6::appstream
    cpe:/o:redhat:rhel_eus:8.6::baseos
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.2   < *
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T18:11:35.649Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/19/3",
               },
               {
                  name: "RHSA-2024:0533",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0533",
               },
               {
                  name: "RHSA-2024:0627",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0627",
               },
               {
                  name: "RHSA-2024:0796",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0796",
               },
               {
                  name: "RHSA-2024:1082",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:1082",
               },
               {
                  name: "RHSA-2024:1108",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:1108",
               },
               {
                  name: "RHSA-2024:1383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:1383",
               },
               {
                  name: "RHSA-2024:2094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:2094",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2024-0553",
               },
               {
                  name: "RHBZ#2258412",
                  tags: [
                     "issue-tracking",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258412",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/issues/1522",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240202-0011/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://gnutls.org/download.html",
               defaultStatus: "unaffected",
               packageName: "gnutls",
               versions: [
                  {
                     lessThan: "3.8.3",
                     status: "affected",
                     version: "3.8.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8::baseos",
                  "cpe:/a:redhat:enterprise_linux:8::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-8.el8_9.1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8::baseos",
                  "cpe:/a:redhat:enterprise_linux:8::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-8.el8_9.1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:rhel_eus:8.6::appstream",
                  "cpe:/o:redhat:rhel_eus:8.6::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8.6 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-5.el8_6.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:rhel_eus:8.8::baseos",
                  "cpe:/a:redhat:rhel_eus:8.8::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8.8 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-7.el8_8.2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
                  "cpe:/o:redhat:enterprise_linux:9::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-23.el9_3.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
                  "cpe:/o:redhat:enterprise_linux:9::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-23.el9_3.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:rhel_eus:9.2::baseos",
                  "cpe:/a:redhat:rhel_eus:9.2::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9.2 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-21.el9_2.2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/cephcsi-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-37",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-core-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-68",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-39",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-58",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-13",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-metrics-exporter-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-81",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-79",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-cli-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-22",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-57",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-cosi-sidecar-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-6",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-15",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-sidecar-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-15",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-54",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-must-gather-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-26",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-19",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-cluster-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-hub-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-21",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/rook-ceph-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-103",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/cluster-logging-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-22",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/cluster-logging-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-11",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch6-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v6.8.1-407",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-19",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-proxy-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v1.0.0-479",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-7",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/eventrouter-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.4.0-247",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/fluentd-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-5",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/log-file-metric-exporter-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v1.1.0-227",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-curator5-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.1-470",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-loki-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v2.9.6-14",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-view-plugin-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/loki-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-24",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/loki-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/lokistack-gateway-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.1.0-525",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/opa-openshift-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.1.0-224",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/vector-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.28.1-56",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:6",
               ],
               defaultStatus: "unknown",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 6",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
         ],
         datePublic: "2024-01-16T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-203",
                     description: "Observable Discrepancy",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-23T00:10:16.608Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:0533",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0533",
            },
            {
               name: "RHSA-2024:0627",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0627",
            },
            {
               name: "RHSA-2024:0796",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0796",
            },
            {
               name: "RHSA-2024:1082",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:1082",
            },
            {
               name: "RHSA-2024:1108",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:1108",
            },
            {
               name: "RHSA-2024:1383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:1383",
            },
            {
               name: "RHSA-2024:2094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:2094",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-0553",
            },
            {
               name: "RHBZ#2258412",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258412",
            },
            {
               url: "https://gitlab.com/gnutls/gnutls/-/issues/1522",
            },
            {
               url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-01-15T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-01-16T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Gnutls: incomplete fix for cve-2023-5981",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-1300->CWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-0553",
      datePublished: "2024-01-16T11:40:50.677Z",
      dateReserved: "2024-01-15T04:35:34.146Z",
      dateUpdated: "2024-11-23T00:10:16.608Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-10846
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-08-05 07:46
Summary
A cache-based side channel was found in the GnuTLS implementation that leads to plain text recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime+Probe attack with a Lucky-13 attack to recover plain text using crafted packets.
Impacted products
Vendor Product Version
[UNKNOWN] gnutls Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:46:47.512Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://eprint.iacr.org/2018/747",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
               },
               {
                  name: "RHSA-2018:3505",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3505",
               },
               {
                  name: "105138",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105138",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
               },
               {
                  name: "RHSA-2018:3050",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3050",
               },
               {
                  name: "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
               },
               {
                  name: "USN-3999-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3999-1/",
               },
               {
                  name: "FEDORA-2020-f90fb78f70",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
               },
               {
                  name: "FEDORA-2020-d14280a6e8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-08-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-385",
                     description: "CWE-385",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-08T05:06:09",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://eprint.iacr.org/2018/747",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
            },
            {
               name: "RHSA-2018:3505",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3505",
            },
            {
               name: "105138",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105138",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
            },
            {
               name: "RHSA-2018:3050",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3050",
            },
            {
               name: "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
            },
            {
               name: "USN-3999-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3999-1/",
            },
            {
               name: "FEDORA-2020-f90fb78f70",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
            },
            {
               name: "FEDORA-2020-d14280a6e8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-10846",
      datePublished: "2018-08-22T13:00:00",
      dateReserved: "2018-05-09T00:00:00",
      dateUpdated: "2024-08-05T07:46:47.512Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-8313
Vulnerability from cvelistv5
Published
2019-12-20 13:10
Modified
2024-08-06 08:13
Severity ?
Summary
GnuTLS incorrectly validates the first byte of padding in CBC modes
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:13:32.090Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2015-8313",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/78327",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3408",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS incorrectly validates the first byte of padding in CBC modes",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-20T13:10:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2015-8313",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/78327",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.debian.org/security/2015/dsa-3408",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-8313",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS incorrectly validates the first byte of padding in CBC modes",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://security-tracker.debian.org/tracker/CVE-2015-8313",
                     refsource: "MISC",
                     url: "https://security-tracker.debian.org/tracker/CVE-2015-8313",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8313",
                  },
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
                     refsource: "MISC",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2015-8313",
                  },
                  {
                     name: "http://www.securityfocus.com/bid/78327",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/bid/78327",
                  },
                  {
                     name: "http://www.debian.org/security/2015/dsa-3408",
                     refsource: "MISC",
                     url: "http://www.debian.org/security/2015/dsa-3408",
                  },
                  {
                     name: "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/archive/1/537012/100/0/threaded",
                  },
                  {
                     name: "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
                     refsource: "MISC",
                     url: "https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-8313",
      datePublished: "2019-12-20T13:10:23",
      dateReserved: "2015-11-21T00:00:00",
      dateUpdated: "2024-08-06T08:13:32.090Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-5138
Vulnerability from cvelistv5
Published
2014-03-06 18:00
Modified
2024-08-07 07:32
Severity ?
Summary
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T07:32:22.389Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57321",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57321",
               },
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  name: "SUSE-SU-2014:0445",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
               },
               {
                  name: "57274",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57274",
               },
               {
                  name: "SUSE-SU-2014:0319",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
               },
               {
                  name: "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.security.oss.general/12223",
               },
               {
                  name: "RHSA-2014:0247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
               {
                  name: "SUSE-SU-2014:0322",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
               },
               {
                  name: "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd",
               },
               {
                  name: "57254",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57254",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069301",
               },
               {
                  name: "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://thread.gmane.org/gmane.comp.security.oss.general/12127",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-03-27T15:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "57321",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57321",
            },
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               name: "SUSE-SU-2014:0445",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
            },
            {
               name: "57274",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57274",
            },
            {
               name: "SUSE-SU-2014:0319",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
            },
            {
               name: "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.security.oss.general/12223",
            },
            {
               name: "RHSA-2014:0247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
            {
               name: "SUSE-SU-2014:0322",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
            },
            {
               name: "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd",
            },
            {
               name: "57254",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57254",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069301",
            },
            {
               name: "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://thread.gmane.org/gmane.comp.security.oss.general/12127",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2009-5138",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57321",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57321",
                  },
                  {
                     name: "57260",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57260",
                  },
                  {
                     name: "SUSE-SU-2014:0445",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
                  },
                  {
                     name: "57274",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57274",
                  },
                  {
                     name: "SUSE-SU-2014:0319",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
                  },
                  {
                     name: "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.security.oss.general/12223",
                  },
                  {
                     name: "RHSA-2014:0247",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
                  },
                  {
                     name: "SUSE-SU-2014:0320",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
                  },
                  {
                     name: "SUSE-SU-2014:0322",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
                  },
                  {
                     name: "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint",
                     refsource: "MLIST",
                     url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361",
                  },
                  {
                     name: "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd",
                     refsource: "CONFIRM",
                     url: "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd",
                  },
                  {
                     name: "57254",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57254",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1069301",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069301",
                  },
                  {
                     name: "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                     refsource: "MLIST",
                     url: "http://thread.gmane.org/gmane.comp.security.oss.general/12127",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2009-5138",
      datePublished: "2014-03-06T18:00:00",
      dateReserved: "2014-02-26T00:00:00",
      dateUpdated: "2024-08-07T07:32:22.389Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-0567
Vulnerability from cvelistv5
Published
2024-01-16 14:01
Modified
2024-11-23 00:10
Summary
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Impacted products
Vendor Product Version
Version: 3.8.0   
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
    cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T18:11:35.636Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/19/3",
               },
               {
                  name: "RHSA-2024:0533",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0533",
               },
               {
                  name: "RHSA-2024:1082",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:1082",
               },
               {
                  name: "RHSA-2024:1383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:1383",
               },
               {
                  name: "RHSA-2024:2094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:2094",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2024-0567",
               },
               {
                  name: "RHBZ#2258544",
                  tags: [
                     "issue-tracking",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258544",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/issues/1521",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240202-0011/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://gitlab.com/gnutls/gnutls",
               defaultStatus: "unaffected",
               packageName: "gnutls",
               versions: [
                  {
                     lessThan: "3.8.3",
                     status: "affected",
                     version: "3.8.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
                  "cpe:/o:redhat:enterprise_linux:9::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-23.el9_3.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
                  "cpe:/o:redhat:enterprise_linux:9::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-23.el9_3.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:rhel_eus:9.2::baseos",
                  "cpe:/a:redhat:rhel_eus:9.2::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9.2 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-21.el9_2.2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/cephcsi-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-37",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-core-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-68",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-39",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-58",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-13",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-metrics-exporter-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-81",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-79",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-cli-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-22",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-57",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-cosi-sidecar-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-6",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-15",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-sidecar-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-15",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-54",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-must-gather-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-26",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-19",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-cluster-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-hub-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-21",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/rook-ceph-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-103",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/cluster-logging-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-22",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/cluster-logging-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-11",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch6-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v6.8.1-407",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-19",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-proxy-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v1.0.0-479",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-7",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/eventrouter-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.4.0-247",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/fluentd-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-5",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/log-file-metric-exporter-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v1.1.0-227",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-curator5-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.1-470",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-loki-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v2.9.6-14",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-view-plugin-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/loki-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-24",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/loki-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/lokistack-gateway-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.1.0-525",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/opa-openshift-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.1.0-224",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/vector-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.28.1-56",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:6",
               ],
               defaultStatus: "unknown",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 6",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "cockpit",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8",
               ],
               defaultStatus: "unaffected",
               packageName: "cockpit",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8",
               ],
               defaultStatus: "unaffected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:9",
               ],
               defaultStatus: "unaffected",
               packageName: "cockpit",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:openshift:3.11",
               ],
               defaultStatus: "unaffected",
               packageName: "cockpit",
               product: "Red Hat OpenShift Container Platform 3.11",
               vendor: "Red Hat",
            },
         ],
         datePublic: "2024-01-16T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-23T00:10:26.501Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:0533",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0533",
            },
            {
               name: "RHSA-2024:1082",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:1082",
            },
            {
               name: "RHSA-2024:1383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:1383",
            },
            {
               name: "RHSA-2024:2094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:2094",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-0567",
            },
            {
               name: "RHBZ#2258544",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258544",
            },
            {
               url: "https://gitlab.com/gnutls/gnutls/-/issues/1521",
            },
            {
               url: "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-01-16T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-01-16T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Gnutls: rejects certificate chain with distributed trust",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-347: Improper Verification of Cryptographic Signature",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-0567",
      datePublished: "2024-01-16T14:01:59.178Z",
      dateReserved: "2024-01-16T04:02:22.392Z",
      dateUpdated: "2024-11-23T00:10:26.501Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1569
Vulnerability from cvelistv5
Published
2012-03-26 19:00
Modified
2024-08-06 19:01
Severity ?
Summary
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
http://secunia.com/advisories/57260 — third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0427.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/48578 — third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0531.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/49002 — third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html — vendor-advisory, x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2012/03/20/8 — mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/03/21/5 — mailing-list, x_refsource_MLIST
http://secunia.com/advisories/48488 — third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1436-1 — vendor-advisory, x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html — vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html — vendor-advisory, x_refsource_FEDORA
http://www.gnu.org/software/gnutls/security.html — x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=804920 — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0488.html — vendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html — vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html — vendor-advisory, x_refsource_SUSE
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932 — mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1026829 — vdb-entry, x_refsource_SECTRACK
http://linux.oracle.com/errata/ELSA-2014-0596.html — x_refsource_CONFIRM
http://secunia.com/advisories/48596 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50739 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48397 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48505 — third-party-advisory, x_refsource_SECUNIA
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ — x_refsource_MISC
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53 — mailing-list, x_refsource_MLIST
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54 — mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/03/20/3 — mailing-list, x_refsource_MLIST
http://www.debian.org/security/2012/dsa-2440 — vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039 — vendor-advisory, x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html — vendor-advisory, x_refsource_FEDORA
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html — mailing-list, x_refsource_BUGTRAQ
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html — vendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:01:02.196Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  name: "RHSA-2012:0427",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0427.html",
               },
               {
                  name: "48578",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48578",
               },
               {
                  name: "RHSA-2012:0531",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
               },
               {
                  name: "49002",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49002",
               },
               {
                  name: "FEDORA-2012-4357",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html",
               },
               {
                  name: "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/03/20/8",
               },
               {
                  name: "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
               },
               {
                  name: "48488",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48488",
               },
               {
                  name: "USN-1436-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1436-1",
               },
               {
                  name: "FEDORA-2012-4342",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html",
               },
               {
                  name: "FEDORA-2012-4451",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
               },
               {
                  name: "RHSA-2012:0488",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
               },
               {
                  name: "FEDORA-2012-4308",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
               {
                  name: "[gnutls-devel] 20120316 gnutls 3.0.16",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932",
               },
               {
                  name: "1026829",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1026829",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
               },
               {
                  name: "48596",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48596",
               },
               {
                  name: "50739",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/50739",
               },
               {
                  name: "48397",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48397",
               },
               {
                  name: "48505",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48505",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
               },
               {
                  name: "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53",
               },
               {
                  name: "[help-libtasn1] 20120319 minimal fix to security issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54",
               },
               {
                  name: "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/03/20/3",
               },
               {
                  name: "DSA-2440",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2012/dsa-2440",
               },
               {
                  name: "MDVSA-2012:039",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039",
               },
               {
                  name: "FEDORA-2012-4409",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html",
               },
               {
                  name: "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
               },
               {
                  name: "FEDORA-2012-4417",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-03-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-17T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               name: "RHSA-2012:0427",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0427.html",
            },
            {
               name: "48578",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48578",
            },
            {
               name: "RHSA-2012:0531",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
            },
            {
               name: "49002",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49002",
            },
            {
               name: "FEDORA-2012-4357",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html",
            },
            {
               name: "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/03/20/8",
            },
            {
               name: "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
            },
            {
               name: "48488",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48488",
            },
            {
               name: "USN-1436-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1436-1",
            },
            {
               name: "FEDORA-2012-4342",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html",
            },
            {
               name: "FEDORA-2012-4451",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
            },
            {
               name: "RHSA-2012:0488",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
            },
            {
               name: "FEDORA-2012-4308",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
            {
               name: "[gnutls-devel] 20120316 gnutls 3.0.16",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932",
            },
            {
               name: "1026829",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1026829",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
            },
            {
               name: "48596",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48596",
            },
            {
               name: "50739",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/50739",
            },
            {
               name: "48397",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48397",
            },
            {
               name: "48505",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48505",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
            },
            {
               name: "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53",
            },
            {
               name: "[help-libtasn1] 20120319 minimal fix to security issue",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54",
            },
            {
               name: "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/03/20/3",
            },
            {
               name: "DSA-2440",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2012/dsa-2440",
            },
            {
               name: "MDVSA-2012:039",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039",
            },
            {
               name: "FEDORA-2012-4409",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html",
            },
            {
               name: "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
            },
            {
               name: "FEDORA-2012-4417",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2012-1569",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57260",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57260",
                  },
                  {
                     name: "RHSA-2012:0427",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0427.html",
                  },
                  {
                     name: "48578",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48578",
                  },
                  {
                     name: "RHSA-2012:0531",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
                  },
                  {
                     name: "49002",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/49002",
                  },
                  {
                     name: "FEDORA-2012-4357",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html",
                  },
                  {
                     name: "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/03/20/8",
                  },
                  {
                     name: "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
                  },
                  {
                     name: "48488",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48488",
                  },
                  {
                     name: "USN-1436-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1436-1",
                  },
                  {
                     name: "FEDORA-2012-4342",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html",
                  },
                  {
                     name: "FEDORA-2012-4451",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html",
                  },
                  {
                     name: "http://www.gnu.org/software/gnutls/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnu.org/software/gnutls/security.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=804920",
                  },
                  {
                     name: "RHSA-2012:0488",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
                  },
                  {
                     name: "FEDORA-2012-4308",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html",
                  },
                  {
                     name: "SUSE-SU-2014:0320",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
                  },
                  {
                     name: "[gnutls-devel] 20120316 gnutls 3.0.16",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932",
                  },
                  {
                     name: "1026829",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1026829",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  },
                  {
                     name: "48596",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48596",
                  },
                  {
                     name: "50739",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/50739",
                  },
                  {
                     name: "48397",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48397",
                  },
                  {
                     name: "48505",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48505",
                  },
                  {
                     name: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
                     refsource: "MISC",
                     url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
                  },
                  {
                     name: "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53",
                  },
                  {
                     name: "[help-libtasn1] 20120319 minimal fix to security issue",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54",
                  },
                  {
                     name: "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/03/20/3",
                  },
                  {
                     name: "DSA-2440",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2012/dsa-2440",
                  },
                  {
                     name: "MDVSA-2012:039",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039",
                  },
                  {
                     name: "FEDORA-2012-4409",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html",
                  },
                  {
                     name: "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
                  },
                  {
                     name: "FEDORA-2012-4417",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-1569",
      datePublished: "2012-03-26T19:00:00",
      dateReserved: "2012-03-12T00:00:00",
      dateUpdated: "2024-08-06T19:01:02.196Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-2377
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 08:58
Severity ?
Summary
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:58:02.218Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[gnutls-devel] 20080630 GnuTLS 2.4.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-2650",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  name: "[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html",
               },
               {
                  name: "ADV-2008-2398",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2398",
               },
               {
                  name: "30713",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/30713",
               },
               {
                  name: "gnutls-gnutlshandshake-code-execution(44486)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486",
               },
               {
                  name: "31505",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31505",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-06-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[gnutls-devel] 20080630 GnuTLS 2.4.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-2650",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               name: "[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html",
            },
            {
               name: "ADV-2008-2398",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2398",
            },
            {
               name: "30713",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/30713",
            },
            {
               name: "gnutls-gnutlshandshake-code-execution(44486)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486",
            },
            {
               name: "31505",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31505",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-2377",
      datePublished: "2008-08-08T19:00:00",
      dateReserved: "2008-05-21T00:00:00",
      dateUpdated: "2024-08-07T08:58:02.218Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1415
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
Summary
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:13:25.486Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "gnutls-libgnutls-dos(50445)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445",
               },
               {
                  name: "[gnutls-devel] 20090423 Re: some crashes on using DSA keys",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502",
               },
               {
                  name: "[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515",
               },
               {
                  name: "gnutls-dsa-code-execution(50257)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488",
               },
               {
                  name: "gnutls-dsa-dos(50260)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260",
               },
               {
                  name: "ADV-2009-1218",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1218",
               },
               {
                  name: "34783",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/34783",
               },
               {
                  name: "GLSA-200905-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
               },
               {
                  name: "1022157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022157",
               },
               {
                  name: "34842",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34842",
               },
               {
                  name: "35211",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35211",
               },
               {
                  name: "MDVSA-2009:116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-04-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "gnutls-libgnutls-dos(50445)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445",
            },
            {
               name: "[gnutls-devel] 20090423 Re: some crashes on using DSA keys",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502",
            },
            {
               name: "[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515",
            },
            {
               name: "gnutls-dsa-code-execution(50257)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488",
            },
            {
               name: "gnutls-dsa-dos(50260)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260",
            },
            {
               name: "ADV-2009-1218",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1218",
            },
            {
               name: "34783",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/34783",
            },
            {
               name: "GLSA-200905-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
            },
            {
               name: "1022157",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022157",
            },
            {
               name: "34842",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34842",
            },
            {
               name: "35211",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35211",
            },
            {
               name: "MDVSA-2009:116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-1415",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "gnutls-libgnutls-dos(50445)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50445",
                  },
                  {
                     name: "[gnutls-devel] 20090423 Re: some crashes on using DSA keys",
                     refsource: "MLIST",
                     url: "http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502",
                  },
                  {
                     name: "[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515",
                  },
                  {
                     name: "gnutls-dsa-code-execution(50257)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50257",
                  },
                  {
                     name: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488",
                     refsource: "CONFIRM",
                     url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488",
                  },
                  {
                     name: "gnutls-dsa-dos(50260)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50260",
                  },
                  {
                     name: "ADV-2009-1218",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/1218",
                  },
                  {
                     name: "34783",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/34783",
                  },
                  {
                     name: "GLSA-200905-04",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
                  },
                  {
                     name: "1022157",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022157",
                  },
                  {
                     name: "34842",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/34842",
                  },
                  {
                     name: "35211",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/35211",
                  },
                  {
                     name: "MDVSA-2009:116",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-1415",
      datePublished: "2009-04-30T20:00:00",
      dateReserved: "2009-04-24T00:00:00",
      dateUpdated: "2024-08-07T05:13:25.486Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5335
Vulnerability from cvelistv5
Published
2017-03-24 15:00
Modified
2024-08-05 14:55
Severity ?
Summary
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:55:35.773Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  name: "1037576",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037576",
               },
               {
                  name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337",
               },
               {
                  name: "openSUSE-SU-2017:0386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
               },
               {
                  name: "RHSA-2017:0574",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
               },
               {
                  name: "GLSA-201702-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201702-04",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a",
               },
               {
                  name: "95374",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95374",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               name: "1037576",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037576",
            },
            {
               name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337",
            },
            {
               name: "openSUSE-SU-2017:0386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
            },
            {
               name: "RHSA-2017:0574",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
            },
            {
               name: "GLSA-201702-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201702-04",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a",
            },
            {
               name: "95374",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95374",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2017-5335",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/10/7",
                  },
                  {
                     name: "RHSA-2017:2292",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2292",
                  },
                  {
                     name: "1037576",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037576",
                  },
                  {
                     name: "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/01/11/4",
                  },
                  {
                     name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337",
                  },
                  {
                     name: "openSUSE-SU-2017:0386",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
                  },
                  {
                     name: "RHSA-2017:0574",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
                  },
                  {
                     name: "GLSA-201702-04",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201702-04",
                  },
                  {
                     name: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
                     refsource: "CONFIRM",
                     url: "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a",
                  },
                  {
                     name: "95374",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95374",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2017-5335",
      datePublished: "2017-03-24T15:00:00",
      dateReserved: "2017-01-10T00:00:00",
      dateUpdated: "2024-08-05T14:55:35.773Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-0731
Vulnerability from cvelistv5
Published
2010-03-26 18:00
Modified
2024-08-07 00:59
Severity ?
Summary
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:59:39.012Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2010:0167",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
               },
               {
                  name: "39127",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39127",
               },
               {
                  name: "MDVSA-2010:089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
               },
               {
                  name: "38959",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/38959",
               },
               {
                  name: "ADV-2010-0713",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0713",
               },
               {
                  name: "oval:org.mitre.oval:def:9759",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=573028",
               },
               {
                  name: "SUSE-SR:2010:014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
               },
               {
                  name: "ADV-2010-1054",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1054",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-03-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-18T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2010:0167",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
            },
            {
               name: "39127",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39127",
            },
            {
               name: "MDVSA-2010:089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
            },
            {
               name: "38959",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/38959",
            },
            {
               name: "ADV-2010-0713",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0713",
            },
            {
               name: "oval:org.mitre.oval:def:9759",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9759",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=573028",
            },
            {
               name: "SUSE-SR:2010:014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
            },
            {
               name: "ADV-2010-1054",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1054",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2010-0731",
      datePublished: "2010-03-26T18:00:00",
      dateReserved: "2010-02-26T00:00:00",
      dateUpdated: "2024-08-07T00:59:39.012Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24659
Vulnerability from cvelistv5
Published
2020-09-04 14:03
Modified
2024-08-04 15:19
Severity ?
Summary
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:19:08.542Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/issues/1071",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04",
               },
               {
                  name: "GLSA-202009-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202009-01",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200911-0006/",
               },
               {
                  name: "FEDORA-2020-0ab6656303",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/",
               },
               {
                  name: "USN-4491-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4491-1/",
               },
               {
                  name: "FEDORA-2020-de51ee7cc9",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/",
               },
               {
                  name: "openSUSE-SU-2020:1724",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html",
               },
               {
                  name: "openSUSE-SU-2020:1743",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-26T15:07:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/-/issues/1071",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04",
            },
            {
               name: "GLSA-202009-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202009-01",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200911-0006/",
            },
            {
               name: "FEDORA-2020-0ab6656303",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/",
            },
            {
               name: "USN-4491-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4491-1/",
            },
            {
               name: "FEDORA-2020-de51ee7cc9",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/",
            },
            {
               name: "openSUSE-SU-2020:1724",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html",
            },
            {
               name: "openSUSE-SU-2020:1743",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24659",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://gitlab.com/gnutls/gnutls/-/issues/1071",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/-/issues/1071",
                  },
                  {
                     name: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04",
                     refsource: "MISC",
                     url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04",
                  },
                  {
                     name: "GLSA-202009-01",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202009-01",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200911-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200911-0006/",
                  },
                  {
                     name: "FEDORA-2020-0ab6656303",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62BUAI4FQQLG6VTKRT7SUZPGJJ4NASQ3/",
                  },
                  {
                     name: "USN-4491-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4491-1/",
                  },
                  {
                     name: "FEDORA-2020-de51ee7cc9",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWN56FDLQQXT2D2YHNI4TYH432TDMQ7N/",
                  },
                  {
                     name: "openSUSE-SU-2020:1724",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00054.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1743",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00060.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24659",
      datePublished: "2020-09-04T14:03:36",
      dateReserved: "2020-08-26T00:00:00",
      dateUpdated: "2024-08-04T15:19:08.542Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-3555
Vulnerability from cvelistv5
Published
2009-11-09 17:00
Modified
2024-08-07 06:31
Severity ?
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
References
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html vendor-advisory, x_refsource_APPLE
http://www.securitytracker.com/id?1023427 vdb-entry, x_refsource_SECTRACK
http://support.avaya.com/css/P8/documents/100081611 x_refsource_CONFIRM
http://osvdb.org/62210 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/37640 third-party-advisory, x_refsource_SECUNIA
http://www.arubanetworks.com/support/alerts/aid-020810.txt x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0916 vdb-entry, x_refsource_VUPEN
http://support.avaya.com/css/P8/documents/100114327 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0167.html vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/2010 vdb-entry, x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0086 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1673 vdb-entry, x_refsource_VUPEN
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html mailing-list, x_refsource_MLIST
http://secunia.com/advisories/37656 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0865.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/39628 third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html x_refsource_CONFIRM
http://secunia.com/advisories/42724 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3310 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3205 vdb-entry, x_refsource_VUPEN
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during x_refsource_CONFIRM
http://secunia.com/advisories/39461 third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/css/P8/documents/100114315 x_refsource_CONFIRM
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisory, x_refsource_GENTOO
http://www.ingate.com/Relnote.php?ver=481 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023204 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/40866 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134254866602253&w=2 vendor-advisory, x_refsource_HP
http://www.us-cert.gov/cas/techalerts/TA10-222A.html third-party-advisory, x_refsource_CERT
http://www.securitytracker.com/id?1023211 vdb-entry, x_refsource_SECTRACK
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/39317 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023212 vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/39127 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/40545 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3069 vdb-entry, x_refsource_VUPEN
http://openbsd.org/errata45.html#010_openssl vendor-advisory, x_refsource_OPENBSD
http://www.securitytracker.com/id?1023210 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id?1023270 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/40070 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023273 vdb-entry, x_refsource_SECTRACK
http://kbase.redhat.com/faq/docs/DOC-20491 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-927-5 vendor-advisory, x_refsource_UBUNTU
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 vendor-advisory, x_refsource_AIXAPAR
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2010-0770.html vendor-advisory, x_refsource_REDHAT
http://www.openssl.org/news/secadv_20091111.txt x_refsource_CONFIRM
http://www.securitytracker.com/id?1023275 vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3253 vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/3484 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1023207 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/37859 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 vendor-advisory, x_refsource_SUNALERT
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0848 vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/11/07/3 mailing-list, x_refsource_MLIST
http://secunia.com/advisories/39819 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 vendor-advisory, x_refsource_AIXAPAR
http://www.links.org/?p=786 x_refsource_MISC
http://osvdb.org/60521 vdb-entry, x_refsource_OSVDB
http://www.openwall.com/lists/oss-security/2009/11/23/10 mailing-list, x_refsource_MLIST
http://www.kb.cert.org/vuls/id/120541 third-party-advisory, x_refsource_CERT-VN
http://www.securitytracker.com/id?1023217 vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0768.html vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3353 vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/39136 third-party-advisory, x_refsource_SECUNIA
http://www.openoffice.org/security/cves/CVE-2009-3555.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0032 vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1023148 vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/36935 vdb-entry, x_refsource_BID
http://www.tombom.co.uk/blog/?p=85 x_refsource_MISC
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2010/1107 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1023218 vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2010/1350 vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-0338.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/42379 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html vendor-advisory, x_refsource_FEDORA
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml vendor-advisory, x_refsource_CISCO
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 vendor-advisory, x_refsource_AIXAPAR
http://www.securitytracker.com/id?1023213 vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/1793 vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 vdb-entry, signature, x_refsource_OVAL
http://extendedsubset.com/?p=8 x_refsource_MISC
http://secunia.com/advisories/37292 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176 vendor-advisory, x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 vdb-entry, x_refsource_XF
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/39278 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023205 vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0130.html vendor-advisory, x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor-advisory, x_refsource_HP
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html x_refsource_CONFIRM
http://support.apple.com/kb/HT4004 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023215 vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1010-1 vendor-advisory, x_refsource_UBUNTU
http://www.securitytracker.com/id?1023206 vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html vendor-advisory, x_refsource_SUSE
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200912-01.xml vendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=127419602507642&w=2 vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/3313 vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 vendor-advisory, x_refsource_SUNALERT
http://www.securitytracker.com/id?1023208 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/43308 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023214 vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/38781 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133469267822771&w=2 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=127419602507642&w=2 vendor-advisory, x_refsource_HP
http://www.debian.org/security/2009/dsa-1934 vendor-advisory, x_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1023271 vdb-entry, x_refsource_SECTRACK
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html vendor-advisory, x_refsource_APPLE
http://marc.info/?l=cryptography&m=125752275331877&w=2 mailing-list, x_refsource_MLIST
http://secunia.com/advisories/42467 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508130/100/0/threaded mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1023224 vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-927-4 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/41490 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508075/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023243 vdb-entry, x_refsource_SECTRACK
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html x_refsource_MISC
http://secunia.com/advisories/37504 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1023219 vdb-entry, x_refsource_SECTRACK
http://sysoev.ru/nginx/patch.cve-2009-3555.txt x_refsource_CONFIRM
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html x_refsource_MISC
http://www.securitytracker.com/id?1023163 vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2 vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/3521 vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 vdb-entry, signature, x_refsource_OVAL
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 vendor-advisory, x_refsource_HP
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533125 x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/44183 third-party-advisory, x_refsource_SECUNIA
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES x_refsource_CONFIRM
http://secunia.com/advisories/42808 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/39500 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 vdb-entry, signature, x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3220 vdb-entry, x_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=127557596201693&w=2 vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2010-0165.html vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2010-0987.html vendor-advisory, x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 x_refsource_CONFIRM
http://blogs.iss.net/archive/sslmitmiscsrf.html x_refsource_MISC
http://www.securitytracker.com/id?1023411 vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0339.html vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-0986.html vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3164 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37383 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/44954 third-party-advisory, x_refsource_SECUNIA
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html mailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=127557596201693&w=2 vendor-advisory, x_refsource_HP
http://support.avaya.com/css/P8/documents/100070150 x_refsource_CONFIRM
http://secunia.com/advisories/40747 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2 vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/522176 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/39292 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42816 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 vendor-advisory, x_refsource_AIXAPAR
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 vendor-advisory, x_refsource_SUNALERT
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html vendor-advisory, x_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 x_refsource_CONFIRM
http://extendedsubset.com/Renegotiating_TLS.pdf x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 x_refsource_CONFIRM
http://support.apple.com/kb/HT4170 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/507952/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023209 vdb-entry, x_refsource_SECTRACK
http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only vendor-advisory, x_refsource_AIXAPAR
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/48577 third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 vendor-advisory, x_refsource_SLACKWARE
http://www.links.org/?p=789 x_refsource_MISC
http://www.opera.com/docs/changelogs/unix/1060/ x_refsource_CONFIRM
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2011-0880.html vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/06/3 mailing-list, x_refsource_MLIST
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html vendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2009-0155 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html vendor-advisory, x_refsource_SUSE
http://support.citrix.com/article/CTX123359 x_refsource_CONFIRM
http://secunia.com/advisories/37501 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 vendor-advisory, x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/3587 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/39632 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/38687 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 vendor-advisory, x_refsource_MS
http://www.vupen.com/english/advisories/2010/0982 vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=133469267822771&w=2 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/37399 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-927-1 vendor-advisory, x_refsource_UBUNTU
http://www.securitytracker.com/id?1023272 vdb-entry, x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/3126 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37320 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3165 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1639 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/38020 third-party-advisory, x_refsource_SECUNIA
http://ubuntu.com/usn/usn-923-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/39243 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37453 third-party-advisory, x_refsource_SECUNIA
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0933 vdb-entry, x_refsource_VUPEN
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2011-0003.html x_refsource_CONFIRM
http://secunia.com/advisories/41972 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3086 vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2141 vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id?1024789 vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-0155.html vendor-advisory, x_refsource_REDHAT
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html x_refsource_MISC
http://www.vupen.com/english/advisories/2011/0033 vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-0337.html vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id?1023216 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/41480 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0086 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/41818 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37604 third-party-advisory, x_refsource_SECUNIA
http://www.opera.com/support/search/view/944/ x_refsource_CONFIRM
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html vendor-advisory, x_refsource_SUSE
http://www.us-cert.gov/cas/techalerts/TA10-287A.html third-party-advisory, x_refsource_CERT
http://www.links.org/?p=780 x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-0119.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/38056 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0748 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37675 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 vdb-entry, signature, x_refsource_OVAL
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2010-0019.html x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0786.html vendor-advisory, x_refsource_REDHAT
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt x_refsource_MISC
http://secunia.com/advisories/38003 third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023428 vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2 vendor-advisory, x_refsource_HP
http://www.openwall.com/lists/oss-security/2009/11/20/1 mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2009/3354 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1023274 vdb-entry, x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/39242 third-party-advisory, x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50 x_refsource_CONFIRM
http://secunia.com/advisories/38241 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42377 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201203-22.xml vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/11/05/3 mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html vendor-advisory, x_refsource_SUSE
http://osvdb.org/60972 vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id?1023426 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/38484 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 vendor-advisory, x_refsource_MANDRIVA
http://www.betanews.com/article/1257452450 x_refsource_MISC
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 vendor-advisory, x_refsource_SUNALERT
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://openbsd.org/errata46.html#004_openssl vendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/41967 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-0807.html vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/1191 vdb-entry, x_refsource_VUPEN
http://seclists.org/fulldisclosure/2009/Nov/139 mailing-list, x_refsource_FULLDISC
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html x_refsource_MISC
http://www.openwall.com/lists/oss-security/2009/11/05/5mailing-list, x_refsource_MLIST
http://secunia.com/advisories/39713third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42733third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37291third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/2745vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2010/0994vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0173vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1054vdb-entry, x_refsource_VUPEN
http://osvdb.org/65202vdb-entry, x_refsource_OSVDB
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.htmlvendor-advisory, x_refsource_FEDORA
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.htmlmailing-list, x_refsource_MLIST
http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.htmlmailing-list, x_refsource_BUGTRAQ
http://clicky.me/tlsvulnx_refsource_MISC
http://secunia.com/advisories/42811third-party-advisory, x_refsource_SECUNIA
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T06:31:10.430Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "APPLE-SA-2010-05-18-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html",
               },
               {
                  name: "1023427",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023427",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/css/P8/documents/100081611",
               },
               {
                  name: "62210",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/62210",
               },
               {
                  name: "37640",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37640",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.arubanetworks.com/support/alerts/aid-020810.txt",
               },
               {
                  name: "ADV-2010-0916",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0916",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/css/P8/documents/100114327",
               },
               {
                  name: "RHSA-2010:0167",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
               },
               {
                  name: "ADV-2010-2010",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/2010",
               },
               {
                  name: "FEDORA-2009-12750",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
               },
               {
                  name: "ADV-2010-0086",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0086",
               },
               {
                  name: "ADV-2010-1673",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1673",
               },
               {
                  name: "[tls] 20091104 TLS renegotiation issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html",
               },
               {
                  name: "37656",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37656",
               },
               {
                  name: "RHSA-2010:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0865.html",
               },
               {
                  name: "39628",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39628",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
               },
               {
                  name: "42724",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42724",
               },
               {
                  name: "ADV-2009-3310",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3310",
               },
               {
                  name: "ADV-2009-3205",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3205",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during",
               },
               {
                  name: "39461",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39461",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/css/P8/documents/100114315",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c",
               },
               {
                  name: "GLSA-201406-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-201406-32.xml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.ingate.com/Relnote.php?ver=481",
               },
               {
                  name: "1023204",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023204",
               },
               {
                  name: "40866",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/40866",
               },
               {
                  name: "HPSBMU02799",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
               },
               {
                  name: "TA10-222A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA10-222A.html",
               },
               {
                  name: "1023211",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023211",
               },
               {
                  name: "SSRT090249",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
               },
               {
                  name: "39317",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39317",
               },
               {
                  name: "1023212",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023212",
               },
               {
                  name: "SUSE-SA:2010:061",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html",
               },
               {
                  name: "39127",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39127",
               },
               {
                  name: "40545",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/40545",
               },
               {
                  name: "ADV-2010-3069",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/3069",
               },
               {
                  name: "[4.5] 010: SECURITY FIX: November 26, 2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_OPENBSD",
                     "x_transferred",
                  ],
                  url: "http://openbsd.org/errata45.html#010_openssl",
               },
               {
                  name: "1023210",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023210",
               },
               {
                  name: "1023270",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023270",
               },
               {
                  name: "40070",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/40070",
               },
               {
                  name: "1023273",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023273",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://kbase.redhat.com/faq/docs/DOC-20491",
               },
               {
                  name: "USN-927-5",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-927-5",
               },
               {
                  name: "PM12247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_AIXAPAR",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247",
               },
               {
                  name: "SUSE-SU-2011:0847",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html",
               },
               {
                  name: "MDVSA-2010:089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
               },
               {
                  name: "RHSA-2010:0770",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0770.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.openssl.org/news/secadv_20091111.txt",
               },
               {
                  name: "1023275",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023275",
               },
               {
                  name: "DSA-3253",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3253",
               },
               {
                  name: "ADV-2009-3484",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3484",
               },
               {
                  name: "1023207",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023207",
               },
               {
                  name: "37859",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37859",
               },
               {
                  name: "SSRT101846",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
               },
               {
                  name: "1021752",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1",
               },
               {
                  name: "FEDORA-2010-6131",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html",
               },
               {
                  name: "ADV-2010-0848",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0848",
               },
               {
                  name: "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/11/07/3",
               },
               {
                  name: "39819",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39819",
               },
               {
                  name: "IC68055",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_AIXAPAR",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.links.org/?p=786",
               },
               {
                  name: "60521",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/60521",
               },
               {
                  name: "[oss-security] 20091123 Re: CVEs for nginx",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/11/23/10",
               },
               {
                  name: "VU#120541",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/120541",
               },
               {
                  name: "1023217",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023217",
               },
               {
                  name: "RHSA-2010:0768",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0768.html",
               },
               {
                  name: "ADV-2009-3353",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3353",
               },
               {
                  name: "FEDORA-2010-5357",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html",
               },
               {
                  name: "39136",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39136",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.openoffice.org/security/cves/CVE-2009-3555.html",
               },
               {
                  name: "ADV-2011-0032",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/0032",
               },
               {
                  name: "1023148",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023148",
               },
               {
                  name: "openSUSE-SU-2011:0845",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html",
               },
               {
                  name: "36935",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36935",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.tombom.co.uk/blog/?p=85",
               },
               {
                  name: "SSRT090208",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
               },
               {
                  name: "ADV-2010-1107",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1107",
               },
               {
                  name: "1023218",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023218",
               },
               {
                  name: "ADV-2010-1350",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1350",
               },
               {
                  name: "RHSA-2010:0338",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0338.html",
               },
               {
                  name: "42379",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42379",
               },
               {
                  name: "FEDORA-2009-12775",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
               },
               {
                  name: "20091109 Transport Layer Security Renegotiation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml",
               },
               {
                  name: "IC67848",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_AIXAPAR",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848",
               },
               {
                  name: "1023213",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023213",
               },
               {
                  name: "FEDORA-2010-16240",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html",
               },
               {
                  name: "ADV-2010-1793",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1793",
               },
               {
                  name: "oval:org.mitre.oval:def:11617",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://extendedsubset.com/?p=8",
               },
               {
                  name: "37292",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37292",
               },
               {
                  name: "SSRT100817",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/522176",
               },
               {
                  name: "tls-renegotiation-weak-security(54158)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158",
               },
               {
                  name: "APPLE-SA-2010-05-18-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html",
               },
               {
                  name: "39278",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39278",
               },
               {
                  name: "1023205",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023205",
               },
               {
                  name: "RHSA-2010:0130",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0130.html",
               },
               {
                  name: "HPSBUX02482",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
               },
               {
                  name: "HPSBHF03293",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT4004",
               },
               {
                  name: "1023215",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023215",
               },
               {
                  name: "USN-1010-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1010-1",
               },
               {
                  name: "1023206",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023206",
               },
               {
                  name: "SUSE-SR:2010:011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
               },
               {
                  name: "GLSA-200912-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
               },
               {
                  name: "SSRT090180",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
               },
               {
                  name: "ADV-2009-3313",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3313",
               },
               {
                  name: "274990",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1",
               },
               {
                  name: "1023208",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023208",
               },
               {
                  name: "43308",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/43308",
               },
               {
                  name: "1023214",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023214",
               },
               {
                  name: "SUSE-SA:2009:057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html",
               },
               {
                  name: "38781",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38781",
               },
               {
                  name: "HPSBOV02762",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
               },
               {
                  name: "HPSBMA02534",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
               },
               {
                  name: "DSA-1934",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1934",
               },
               {
                  name: "FEDORA-2009-12782",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
               },
               {
                  name: "oval:org.mitre.oval:def:7478",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478",
               },
               {
                  name: "1023271",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023271",
               },
               {
                  name: "APPLE-SA-2010-01-19-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html",
               },
               {
                  name: "[cryptography] 20091105 OpenSSL 0.9.8l released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=cryptography&m=125752275331877&w=2",
               },
               {
                  name: "42467",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42467",
               },
               {
                  name: "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/508130/100/0/threaded",
               },
               {
                  name: "oval:org.mitre.oval:def:7315",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315",
               },
               {
                  name: "1023224",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023224",
               },
               {
                  name: "SUSE-SR:2010:013",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
               },
               {
                  name: "USN-927-4",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-927-4",
               },
               {
                  name: "41490",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41490",
               },
               {
                  name: "20091124 rPSA-2009-0155-1 httpd mod_ssl",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded",
               },
               {
                  name: "1023243",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023243",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html",
               },
               {
                  name: "37504",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37504",
               },
               {
                  name: "1023219",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023219",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sysoev.ru/nginx/patch.cve-2009-3555.txt",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html",
               },
               {
                  name: "1023163",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023163",
               },
               {
                  name: "HPSBHF02706",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
               },
               {
                  name: "ADV-2009-3521",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3521",
               },
               {
                  name: "oval:org.mitre.oval:def:7973",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973",
               },
               {
                  name: "HPSBMA02568",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125",
               },
               {
                  name: "oval:org.mitre.oval:def:10088",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088",
               },
               {
                  name: "44183",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44183",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
               },
               {
                  name: "42808",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42808",
               },
               {
                  name: "39500",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39500",
               },
               {
                  name: "oval:org.mitre.oval:def:11578",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
               },
               {
                  name: "ADV-2009-3220",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3220",
               },
               {
                  name: "SSRT100179",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
               },
               {
                  name: "SSRT100089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
               },
               {
                  name: "RHSA-2010:0165",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0165.html",
               },
               {
                  name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
               },
               {
                  name: "RHSA-2010:0987",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0987.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=545755",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://blogs.iss.net/archive/sslmitmiscsrf.html",
               },
               {
                  name: "1023411",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023411",
               },
               {
                  name: "RHSA-2010:0339",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0339.html",
               },
               {
                  name: "RHSA-2010:0986",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0986.html",
               },
               {
                  name: "ADV-2009-3164",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3164",
               },
               {
                  name: "37383",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37383",
               },
               {
                  name: "FEDORA-2009-12229",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html",
               },
               {
                  name: "44954",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44954",
               },
               {
                  name: "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html",
               },
               {
                  name: "HPSBUX02524",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/css/P8/documents/100070150",
               },
               {
                  name: "40747",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/40747",
               },
               {
                  name: "HPSBUX02498",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
               },
               {
                  name: "HPSBMU02759",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/522176",
               },
               {
                  name: "39292",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39292",
               },
               {
                  name: "42816",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42816",
               },
               {
                  name: "IC68054",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_AIXAPAR",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054",
               },
               {
                  name: "273029",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1",
               },
               {
                  name: "FEDORA-2009-12604",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://extendedsubset.com/Renegotiating_TLS.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg24025312",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg24006386",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT4170",
               },
               {
                  name: "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/507952/100/0/threaded",
               },
               {
                  name: "1023209",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023209",
               },
               {
                  name: "PM00675",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_AIXAPAR",
                     "x_transferred",
                  ],
                  url: "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
               },
               {
                  name: "HPSBOV02683",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
               },
               {
                  name: "48577",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48577",
               },
               {
                  name: "SSA:2009-320-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.links.org/?p=789",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.opera.com/docs/changelogs/unix/1060/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html",
               },
               {
                  name: "RHSA-2011:0880",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2011-0880.html",
               },
               {
                  name: "SUSE-SR:2010:008",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
               },
               {
                  name: "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/11/06/3",
               },
               {
                  name: "FEDORA-2009-12305",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155",
               },
               {
                  name: "SUSE-SR:2010:012",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.citrix.com/article/CTX123359",
               },
               {
                  name: "37501",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37501",
               },
               {
                  name: "MDVSA-2010:076",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076",
               },
               {
                  name: "HPSBUX02517",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
               },
               {
                  name: "ADV-2009-3587",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3587",
               },
               {
                  name: "39632",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39632",
               },
               {
                  name: "SSRT090264",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
               },
               {
                  name: "38687",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38687",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=526689",
               },
               {
                  name: "MS10-049",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049",
               },
               {
                  name: "ADV-2010-0982",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0982",
               },
               {
                  name: "SSRT100825",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
               },
               {
                  name: "37399",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37399",
               },
               {
                  name: "USN-927-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-927-1",
               },
               {
                  name: "1023272",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023272",
               },
               {
                  name: "FEDORA-2009-12606",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html",
               },
               {
                  name: "ADV-2010-3126",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/3126",
               },
               {
                  name: "37320",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37320",
               },
               {
                  name: "ADV-2009-3165",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3165",
               },
               {
                  name: "ADV-2010-1639",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1639",
               },
               {
                  name: "38020",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38020",
               },
               {
                  name: "USN-923-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://ubuntu.com/usn/usn-923-1",
               },
               {
                  name: "39243",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39243",
               },
               {
                  name: "oval:org.mitre.oval:def:8366",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366",
               },
               {
                  name: "37453",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37453",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
               },
               {
                  name: "ADV-2010-0933",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0933",
               },
               {
                  name: "SSRT100219",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
               },
               {
                  name: "41972",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41972",
               },
               {
                  name: "ADV-2010-3086",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/3086",
               },
               {
                  name: "DSA-2141",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2011/dsa-2141",
               },
               {
                  name: "1024789",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1024789",
               },
               {
                  name: "RHSA-2010:0155",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0155.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html",
               },
               {
                  name: "ADV-2011-0033",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/0033",
               },
               {
                  name: "RHSA-2010:0337",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0337.html",
               },
               {
                  name: "1023216",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023216",
               },
               {
                  name: "41480",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41480",
               },
               {
                  name: "ADV-2011-0086",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/0086",
               },
               {
                  name: "41818",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41818",
               },
               {
                  name: "37604",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37604",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.opera.com/support/search/view/944/",
               },
               {
                  name: "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2",
               },
               {
                  name: "SUSE-SR:2010:024",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
               },
               {
                  name: "TA10-287A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA10-287A.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.links.org/?p=780",
               },
               {
                  name: "RHSA-2010:0119",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0119.html",
               },
               {
                  name: "38056",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38056",
               },
               {
                  name: "ADV-2010-0748",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0748",
               },
               {
                  name: "37675",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37675",
               },
               {
                  name: "oval:org.mitre.oval:def:8535",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535",
               },
               {
                  name: "HPSBMA02547",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
               },
               {
                  name: "SSRT100058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
               },
               {
                  name: "RHSA-2010:0786",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0786.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt",
               },
               {
                  name: "38003",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38003",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT4171",
               },
               {
                  name: "1023428",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023428",
               },
               {
                  name: "SSRT100613",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
               },
               {
                  name: "[oss-security] 20091120 CVEs for nginx",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/11/20/1",
               },
               {
                  name: "ADV-2009-3354",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3354",
               },
               {
                  name: "1023274",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023274",
               },
               {
                  name: "FEDORA-2009-12968",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html",
               },
               {
                  name: "39242",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39242",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://kb.bluecoat.com/index?page=content&id=SA50",
               },
               {
                  name: "38241",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38241",
               },
               {
                  name: "42377",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42377",
               },
               {
                  name: "GLSA-201203-22",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-201203-22.xml",
               },
               {
                  name: "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/11/05/3",
               },
               {
                  name: "SUSE-SR:2010:019",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
               },
               {
                  name: "60972",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/60972",
               },
               {
                  name: "1023426",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1023426",
               },
               {
                  name: "38484",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38484",
               },
               {
                  name: "MDVSA-2010:084",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.betanews.com/article/1257452450",
               },
               {
                  name: "1021653",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html",
               },
               {
                  name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
               },
               {
                  name: "[4.6] 004: SECURITY FIX: November 26, 2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_OPENBSD",
                     "x_transferred",
                  ],
                  url: "http://openbsd.org/errata46.html#004_openssl",
               },
               {
                  name: "41967",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/41967",
               },
               {
                  name: "RHSA-2010:0807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0807.html",
               },
               {
                  name: "ADV-2010-1191",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1191",
               },
               {
                  name: "20091111 Re: SSL/TLS MiTM PoC",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2009/Nov/139",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html",
               },
               {
                  name: "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/11/05/5",
               },
               {
                  name: "39713",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39713",
               },
               {
                  name: "42733",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42733",
               },
               {
                  name: "37291",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37291",
               },
               {
                  name: "FEDORA-2010-16312",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html",
               },
               {
                  name: "FEDORA-2010-5942",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html",
               },
               {
                  name: "ADV-2010-2745",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/2745",
               },
               {
                  name: "273350",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1",
               },
               {
                  name: "ADV-2010-0994",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0994",
               },
               {
                  name: "ADV-2010-0173",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0173",
               },
               {
                  name: "ADV-2010-1054",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1054",
               },
               {
                  name: "65202",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/65202",
               },
               {
                  name: "HPSBGN02562",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041",
               },
               {
                  name: "FEDORA-2010-16294",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html",
               },
               {
                  name: "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html",
               },
               {
                  name: "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://clicky.me/tlsvuln",
               },
               {
                  name: "42811",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42811",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-11-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:08:08",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "APPLE-SA-2010-05-18-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html",
            },
            {
               name: "1023427",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023427",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/css/P8/documents/100081611",
            },
            {
               name: "62210",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/62210",
            },
            {
               name: "37640",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37640",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.arubanetworks.com/support/alerts/aid-020810.txt",
            },
            {
               name: "ADV-2010-0916",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0916",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/css/P8/documents/100114327",
            },
            {
               name: "RHSA-2010:0167",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0167.html",
            },
            {
               name: "ADV-2010-2010",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/2010",
            },
            {
               name: "FEDORA-2009-12750",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html",
            },
            {
               name: "ADV-2010-0086",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0086",
            },
            {
               name: "ADV-2010-1673",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1673",
            },
            {
               name: "[tls] 20091104 TLS renegotiation issue",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html",
            },
            {
               name: "37656",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37656",
            },
            {
               name: "RHSA-2010:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0865.html",
            },
            {
               name: "39628",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39628",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
            },
            {
               name: "42724",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42724",
            },
            {
               name: "ADV-2009-3310",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3310",
            },
            {
               name: "ADV-2009-3205",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3205",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during",
            },
            {
               name: "39461",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39461",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/css/P8/documents/100114315",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c",
            },
            {
               name: "GLSA-201406-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-201406-32.xml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.ingate.com/Relnote.php?ver=481",
            },
            {
               name: "1023204",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023204",
            },
            {
               name: "40866",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/40866",
            },
            {
               name: "HPSBMU02799",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
            },
            {
               name: "TA10-222A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA10-222A.html",
            },
            {
               name: "1023211",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023211",
            },
            {
               name: "SSRT090249",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
            },
            {
               name: "39317",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39317",
            },
            {
               name: "1023212",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023212",
            },
            {
               name: "SUSE-SA:2010:061",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html",
            },
            {
               name: "39127",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39127",
            },
            {
               name: "40545",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/40545",
            },
            {
               name: "ADV-2010-3069",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/3069",
            },
            {
               name: "[4.5] 010: SECURITY FIX: November 26, 2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
               ],
               url: "http://openbsd.org/errata45.html#010_openssl",
            },
            {
               name: "1023210",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023210",
            },
            {
               name: "1023270",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023270",
            },
            {
               name: "40070",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/40070",
            },
            {
               name: "1023273",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023273",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://kbase.redhat.com/faq/docs/DOC-20491",
            },
            {
               name: "USN-927-5",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-927-5",
            },
            {
               name: "PM12247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247",
            },
            {
               name: "SUSE-SU-2011:0847",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html",
            },
            {
               name: "MDVSA-2010:089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089",
            },
            {
               name: "RHSA-2010:0770",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0770.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.openssl.org/news/secadv_20091111.txt",
            },
            {
               name: "1023275",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023275",
            },
            {
               name: "DSA-3253",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3253",
            },
            {
               name: "ADV-2009-3484",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3484",
            },
            {
               name: "1023207",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023207",
            },
            {
               name: "37859",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37859",
            },
            {
               name: "SSRT101846",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
            },
            {
               name: "1021752",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1",
            },
            {
               name: "FEDORA-2010-6131",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html",
            },
            {
               name: "ADV-2010-0848",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0848",
            },
            {
               name: "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/11/07/3",
            },
            {
               name: "39819",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39819",
            },
            {
               name: "IC68055",
               tags: [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.links.org/?p=786",
            },
            {
               name: "60521",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/60521",
            },
            {
               name: "[oss-security] 20091123 Re: CVEs for nginx",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/11/23/10",
            },
            {
               name: "VU#120541",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/120541",
            },
            {
               name: "1023217",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023217",
            },
            {
               name: "RHSA-2010:0768",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0768.html",
            },
            {
               name: "ADV-2009-3353",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3353",
            },
            {
               name: "FEDORA-2010-5357",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html",
            },
            {
               name: "39136",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39136",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.openoffice.org/security/cves/CVE-2009-3555.html",
            },
            {
               name: "ADV-2011-0032",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/0032",
            },
            {
               name: "1023148",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023148",
            },
            {
               name: "openSUSE-SU-2011:0845",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html",
            },
            {
               name: "36935",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36935",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.tombom.co.uk/blog/?p=85",
            },
            {
               name: "SSRT090208",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
            },
            {
               name: "ADV-2010-1107",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1107",
            },
            {
               name: "1023218",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023218",
            },
            {
               name: "ADV-2010-1350",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1350",
            },
            {
               name: "RHSA-2010:0338",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0338.html",
            },
            {
               name: "42379",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42379",
            },
            {
               name: "FEDORA-2009-12775",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html",
            },
            {
               name: "20091109 Transport Layer Security Renegotiation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml",
            },
            {
               name: "IC67848",
               tags: [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848",
            },
            {
               name: "1023213",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023213",
            },
            {
               name: "FEDORA-2010-16240",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html",
            },
            {
               name: "ADV-2010-1793",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1793",
            },
            {
               name: "oval:org.mitre.oval:def:11617",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://extendedsubset.com/?p=8",
            },
            {
               name: "37292",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37292",
            },
            {
               name: "SSRT100817",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/archive/1/522176",
            },
            {
               name: "tls-renegotiation-weak-security(54158)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158",
            },
            {
               name: "APPLE-SA-2010-05-18-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html",
            },
            {
               name: "39278",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39278",
            },
            {
               name: "1023205",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023205",
            },
            {
               name: "RHSA-2010:0130",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0130.html",
            },
            {
               name: "HPSBUX02482",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686",
            },
            {
               name: "HPSBHF03293",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT4004",
            },
            {
               name: "1023215",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023215",
            },
            {
               name: "USN-1010-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1010-1",
            },
            {
               name: "1023206",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023206",
            },
            {
               name: "SUSE-SR:2010:011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
            },
            {
               name: "GLSA-200912-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
            },
            {
               name: "SSRT090180",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
            },
            {
               name: "ADV-2009-3313",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3313",
            },
            {
               name: "274990",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1",
            },
            {
               name: "1023208",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023208",
            },
            {
               name: "43308",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/43308",
            },
            {
               name: "1023214",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023214",
            },
            {
               name: "SUSE-SA:2009:057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html",
            },
            {
               name: "38781",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38781",
            },
            {
               name: "HPSBOV02762",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
            },
            {
               name: "HPSBMA02534",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
            },
            {
               name: "DSA-1934",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1934",
            },
            {
               name: "FEDORA-2009-12782",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html",
            },
            {
               name: "oval:org.mitre.oval:def:7478",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478",
            },
            {
               name: "1023271",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023271",
            },
            {
               name: "APPLE-SA-2010-01-19-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html",
            },
            {
               name: "[cryptography] 20091105 OpenSSL 0.9.8l released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://marc.info/?l=cryptography&m=125752275331877&w=2",
            },
            {
               name: "42467",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42467",
            },
            {
               name: "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/508130/100/0/threaded",
            },
            {
               name: "oval:org.mitre.oval:def:7315",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315",
            },
            {
               name: "1023224",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023224",
            },
            {
               name: "SUSE-SR:2010:013",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
            },
            {
               name: "USN-927-4",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-927-4",
            },
            {
               name: "41490",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41490",
            },
            {
               name: "20091124 rPSA-2009-0155-1 httpd mod_ssl",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded",
            },
            {
               name: "1023243",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023243",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html",
            },
            {
               name: "37504",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37504",
            },
            {
               name: "1023219",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023219",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sysoev.ru/nginx/patch.cve-2009-3555.txt",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html",
            },
            {
               name: "1023163",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023163",
            },
            {
               name: "HPSBHF02706",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
            },
            {
               name: "ADV-2009-3521",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3521",
            },
            {
               name: "oval:org.mitre.oval:def:7973",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973",
            },
            {
               name: "HPSBMA02568",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125",
            },
            {
               name: "oval:org.mitre.oval:def:10088",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088",
            },
            {
               name: "44183",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44183",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES",
            },
            {
               name: "42808",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42808",
            },
            {
               name: "39500",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39500",
            },
            {
               name: "oval:org.mitre.oval:def:11578",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
            },
            {
               name: "ADV-2009-3220",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3220",
            },
            {
               name: "SSRT100179",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
            },
            {
               name: "SSRT100089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
            },
            {
               name: "RHSA-2010:0165",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0165.html",
            },
            {
               name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
            },
            {
               name: "RHSA-2010:0987",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0987.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=545755",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://blogs.iss.net/archive/sslmitmiscsrf.html",
            },
            {
               name: "1023411",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023411",
            },
            {
               name: "RHSA-2010:0339",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0339.html",
            },
            {
               name: "RHSA-2010:0986",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0986.html",
            },
            {
               name: "ADV-2009-3164",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3164",
            },
            {
               name: "37383",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37383",
            },
            {
               name: "FEDORA-2009-12229",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html",
            },
            {
               name: "44954",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44954",
            },
            {
               name: "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html",
            },
            {
               name: "HPSBUX02524",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/css/P8/documents/100070150",
            },
            {
               name: "40747",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/40747",
            },
            {
               name: "HPSBUX02498",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
            },
            {
               name: "HPSBMU02759",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/archive/1/522176",
            },
            {
               name: "39292",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39292",
            },
            {
               name: "42816",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42816",
            },
            {
               name: "IC68054",
               tags: [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054",
            },
            {
               name: "273029",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1",
            },
            {
               name: "FEDORA-2009-12604",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://extendedsubset.com/Renegotiating_TLS.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg24025312",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg24006386",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT4170",
            },
            {
               name: "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/507952/100/0/threaded",
            },
            {
               name: "1023209",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023209",
            },
            {
               name: "PM00675",
               tags: [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
               ],
               url: "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
            },
            {
               name: "HPSBOV02683",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
            },
            {
               name: "48577",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48577",
            },
            {
               name: "SSA:2009-320-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.links.org/?p=789",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.opera.com/docs/changelogs/unix/1060/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html",
            },
            {
               name: "RHSA-2011:0880",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2011-0880.html",
            },
            {
               name: "SUSE-SR:2010:008",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
            },
            {
               name: "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/11/06/3",
            },
            {
               name: "FEDORA-2009-12305",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155",
            },
            {
               name: "SUSE-SR:2010:012",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.citrix.com/article/CTX123359",
            },
            {
               name: "37501",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37501",
            },
            {
               name: "MDVSA-2010:076",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076",
            },
            {
               name: "HPSBUX02517",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
            },
            {
               name: "ADV-2009-3587",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3587",
            },
            {
               name: "39632",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39632",
            },
            {
               name: "SSRT090264",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
            },
            {
               name: "38687",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38687",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=526689",
            },
            {
               name: "MS10-049",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049",
            },
            {
               name: "ADV-2010-0982",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0982",
            },
            {
               name: "SSRT100825",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
            },
            {
               name: "37399",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37399",
            },
            {
               name: "USN-927-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-927-1",
            },
            {
               name: "1023272",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023272",
            },
            {
               name: "FEDORA-2009-12606",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html",
            },
            {
               name: "ADV-2010-3126",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/3126",
            },
            {
               name: "37320",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37320",
            },
            {
               name: "ADV-2009-3165",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3165",
            },
            {
               name: "ADV-2010-1639",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1639",
            },
            {
               name: "38020",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38020",
            },
            {
               name: "USN-923-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://ubuntu.com/usn/usn-923-1",
            },
            {
               name: "39243",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39243",
            },
            {
               name: "oval:org.mitre.oval:def:8366",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366",
            },
            {
               name: "37453",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37453",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
            },
            {
               name: "ADV-2010-0933",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0933",
            },
            {
               name: "SSRT100219",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            },
            {
               name: "41972",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41972",
            },
            {
               name: "ADV-2010-3086",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/3086",
            },
            {
               name: "DSA-2141",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2011/dsa-2141",
            },
            {
               name: "1024789",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1024789",
            },
            {
               name: "RHSA-2010:0155",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0155.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html",
            },
            {
               name: "ADV-2011-0033",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/0033",
            },
            {
               name: "RHSA-2010:0337",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0337.html",
            },
            {
               name: "1023216",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023216",
            },
            {
               name: "41480",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41480",
            },
            {
               name: "ADV-2011-0086",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/0086",
            },
            {
               name: "41818",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41818",
            },
            {
               name: "37604",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37604",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.opera.com/support/search/view/944/",
            },
            {
               name: "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2",
            },
            {
               name: "SUSE-SR:2010:024",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
            },
            {
               name: "TA10-287A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA10-287A.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.links.org/?p=780",
            },
            {
               name: "RHSA-2010:0119",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0119.html",
            },
            {
               name: "38056",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38056",
            },
            {
               name: "ADV-2010-0748",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0748",
            },
            {
               name: "37675",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37675",
            },
            {
               name: "oval:org.mitre.oval:def:8535",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535",
            },
            {
               name: "HPSBMA02547",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751",
            },
            {
               name: "SSRT100058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
            },
            {
               name: "RHSA-2010:0786",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0786.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt",
            },
            {
               name: "38003",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38003",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT4171",
            },
            {
               name: "1023428",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023428",
            },
            {
               name: "SSRT100613",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
            },
            {
               name: "[oss-security] 20091120 CVEs for nginx",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/11/20/1",
            },
            {
               name: "ADV-2009-3354",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3354",
            },
            {
               name: "1023274",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023274",
            },
            {
               name: "FEDORA-2009-12968",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html",
            },
            {
               name: "39242",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39242",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://kb.bluecoat.com/index?page=content&id=SA50",
            },
            {
               name: "38241",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38241",
            },
            {
               name: "42377",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42377",
            },
            {
               name: "GLSA-201203-22",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-201203-22.xml",
            },
            {
               name: "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/11/05/3",
            },
            {
               name: "SUSE-SR:2010:019",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
            },
            {
               name: "60972",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/60972",
            },
            {
               name: "1023426",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1023426",
            },
            {
               name: "38484",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38484",
            },
            {
               name: "MDVSA-2010:084",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.betanews.com/article/1257452450",
            },
            {
               name: "1021653",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html",
            },
            {
               name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
            },
            {
               name: "[4.6] 004: SECURITY FIX: November 26, 2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_OPENBSD",
               ],
               url: "http://openbsd.org/errata46.html#004_openssl",
            },
            {
               name: "41967",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/41967",
            },
            {
               name: "RHSA-2010:0807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0807.html",
            },
            {
               name: "ADV-2010-1191",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1191",
            },
            {
               name: "20091111 Re: SSL/TLS MiTM PoC",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2009/Nov/139",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html",
            },
            {
               name: "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/11/05/5",
            },
            {
               name: "39713",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39713",
            },
            {
               name: "42733",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42733",
            },
            {
               name: "37291",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37291",
            },
            {
               name: "FEDORA-2010-16312",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html",
            },
            {
               name: "FEDORA-2010-5942",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html",
            },
            {
               name: "ADV-2010-2745",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/2745",
            },
            {
               name: "273350",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1",
            },
            {
               name: "ADV-2010-0994",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0994",
            },
            {
               name: "ADV-2010-0173",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0173",
            },
            {
               name: "ADV-2010-1054",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1054",
            },
            {
               name: "65202",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/65202",
            },
            {
               name: "HPSBGN02562",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041",
            },
            {
               name: "FEDORA-2010-16294",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html",
            },
            {
               name: "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html",
            },
            {
               name: "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://clicky.me/tlsvuln",
            },
            {
               name: "42811",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42811",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2009-3555",
      datePublished: "2009-11-09T17:00:00",
      dateReserved: "2009-10-05T00:00:00",
      dateUpdated: "2024-08-07T06:31:10.430Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-0390
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-06 18:23
Severity ?
Summary
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
References
http://secunia.com/advisories/57260 (third-party-advisory, x_refsource_SECUNIA)
http://www.isg.rhul.ac.uk/~kp/dtls.pdf (x_refsource_MISC)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html (vendor-advisory, x_refsource_SUSE)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:23:31.227Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.isg.rhul.ac.uk/~kp/dtls.pdf",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-01-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-03-18T11:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.isg.rhul.ac.uk/~kp/dtls.pdf",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-0390",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57260",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57260",
                  },
                  {
                     name: "http://www.isg.rhul.ac.uk/~kp/dtls.pdf",
                     refsource: "MISC",
                     url: "http://www.isg.rhul.ac.uk/~kp/dtls.pdf",
                  },
                  {
                     name: "SUSE-SU-2014:0320",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-0390",
      datePublished: "2012-01-06T01:00:00",
      dateReserved: "2012-01-05T00:00:00",
      dateUpdated: "2024-08-06T18:23:31.227Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-3829
Vulnerability from cvelistv5
Published
2019-03-27 17:24
Modified
2024-08-04 19:19
Summary
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
Impacted products
Vendor Product Version
gnutls gnutls Version: fixed in 3.6.7 (per the summary, releases from 3.5.8 up to but not including 3.6.7 are affected)
Version: affected from 3.5.8


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:19:18.605Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/issues/694",
               },
               {
                  name: "FEDORA-2019-971ded6f90",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/",
               },
               {
                  name: "FEDORA-2019-e8c1cf958f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/",
               },
               {
                  name: "FEDORA-2019-46df367eed",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
               },
               {
                  name: "GLSA-201904-14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201904-14",
               },
               {
                  name: "openSUSE-SU-2019:1353",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
               },
               {
                  name: "USN-3999-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3999-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190619-0004/",
               },
               {
                  name: "RHSA-2019:3600",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3600",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "gnutls",
               versions: [
                  {
                     status: "affected",
                     version: "fixed in 3.6.7",
                  },
                  {
                     status: "affected",
                     version: "affected from 3.5.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T00:08:12",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/issues/694",
            },
            {
               name: "FEDORA-2019-971ded6f90",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/",
            },
            {
               name: "FEDORA-2019-e8c1cf958f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/",
            },
            {
               name: "FEDORA-2019-46df367eed",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
            },
            {
               name: "GLSA-201904-14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201904-14",
            },
            {
               name: "openSUSE-SU-2019:1353",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
            },
            {
               name: "USN-3999-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3999-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20190619-0004/",
            },
            {
               name: "RHSA-2019:3600",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3600",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2019-3829",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "gnutls",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "fixed in 3.6.7",
                                       },
                                       {
                                          version_value: "affected from 3.5.8",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "gnutls",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
                     refsource: "MISC",
                     url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/issues/694",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/issues/694",
                  },
                  {
                     name: "FEDORA-2019-971ded6f90",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/",
                  },
                  {
                     name: "FEDORA-2019-e8c1cf958f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/",
                  },
                  {
                     name: "FEDORA-2019-46df367eed",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
                  },
                  {
                     name: "GLSA-201904-14",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201904-14",
                  },
                  {
                     name: "openSUSE-SU-2019:1353",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
                  },
                  {
                     name: "USN-3999-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3999-1/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20190619-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20190619-0004/",
                  },
                  {
                     name: "RHSA-2019:3600",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3600",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-3829",
      datePublished: "2019-03-27T17:24:17",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-08-04T19:19:18.605Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-16868
Vulnerability from cvelistv5
Published
2018-12-03 14:00
Modified
2024-08-05 10:32
Summary
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Impacted products
Vendor Product Version
[UNKNOWN] gnutls Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T10:32:54.146Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "106080",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106080",
               },
               {
                  name: "openSUSE-SU-2019:1353",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
               },
               {
                  name: "openSUSE-SU-2019:1477",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://cat.eyalro.net/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-11-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "NONE",
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-203",
                     description: "CWE-203",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-12-04T18:00:57",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "106080",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/106080",
            },
            {
               name: "openSUSE-SU-2019:1353",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
            },
            {
               name: "openSUSE-SU-2019:1477",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://cat.eyalro.net/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-16868",
      datePublished: "2018-12-03T14:00:00",
      dateReserved: "2018-09-11T00:00:00",
      dateUpdated: "2024-08-05T10:32:54.146Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-0282
Vulnerability from cvelistv5
Published
2015-03-24 17:00
Modified
2024-08-06 04:03
Severity ?
Summary
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
References
http://www.gnutls.org/security.html (x_refsource_CONFIRM)
http://www.debian.org/security/2015/dsa-3191 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/73119 (vdb-entry, x_refsource_BID)
http://rhn.redhat.com/errata/RHSA-2015-1457.html (vendor-advisory, x_refsource_REDHAT)
http://www.securitytracker.com/id/1032148 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:03:10.835Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html",
               },
               {
                  name: "DSA-3191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3191",
               },
               {
                  name: "73119",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/73119",
               },
               {
                  name: "RHSA-2015:1457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
               },
               {
                  name: "1032148",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032148",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-03-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html",
            },
            {
               name: "DSA-3191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3191",
            },
            {
               name: "73119",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/73119",
            },
            {
               name: "RHSA-2015:1457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
            },
            {
               name: "1032148",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032148",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-0282",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.gnutls.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html",
                  },
                  {
                     name: "DSA-3191",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3191",
                  },
                  {
                     name: "73119",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/73119",
                  },
                  {
                     name: "RHSA-2015:1457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
                  },
                  {
                     name: "1032148",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032148",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-0282",
      datePublished: "2015-03-24T17:00:00",
      dateReserved: "2014-11-18T00:00:00",
      dateUpdated: "2024-08-06T04:03:10.835Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2509
Vulnerability from cvelistv5
Published
2022-08-01 14:01
Modified
2024-08-03 00:39
Severity ?
Summary
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.
Impacted products
Vendor Product Version
n/a GnuTLS Version: gnutls 3.7.7(Fixed)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:39:07.997Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2022-2509",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
               },
               {
                  name: "DSA-5203",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5203",
               },
               {
                  name: "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html",
               },
               {
                  name: "FEDORA-2022-5470992bfc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GnuTLS",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "gnutls 3.7.7(Fixed)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Double Free",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-14T04:06:13",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2022-2509",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
            },
            {
               name: "DSA-5203",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5203",
            },
            {
               name: "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html",
            },
            {
               name: "FEDORA-2022-5470992bfc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2022-2509",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "GnuTLS",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "gnutls 3.7.7(Fixed)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Double Free",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://access.redhat.com/security/cve/CVE-2022-2509",
                     refsource: "MISC",
                     url: "https://access.redhat.com/security/cve/CVE-2022-2509",
                  },
                  {
                     name: "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
                     refsource: "MISC",
                     url: "https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html",
                  },
                  {
                     name: "DSA-5203",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5203",
                  },
                  {
                     name: "[debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html",
                  },
                  {
                     name: "FEDORA-2022-5470992bfc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-2509",
      datePublished: "2022-08-01T14:01:10",
      dateReserved: "2022-07-22T00:00:00",
      dateUpdated: "2024-08-03T00:39:07.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3466
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:43
Severity ?
Summary
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
References
http://www.gnutls.org/security.html [x_refsource_CONFIRM]
http://www-01.ibm.com/support/docview.wss?uid=swg21678776 [x_refsource_CONFIRM]
http://www.debian.org/security/2014/dsa-2944 [vendor-advisory, x_refsource_DEBIAN]
http://secunia.com/advisories/58340 [third-party-advisory, x_refsource_SECUNIA]
http://rhn.redhat.com/errata/RHSA-2014-0595.html [vendor-advisory, x_refsource_REDHAT]
http://www.ubuntu.com/usn/USN-2229-1 [vendor-advisory, x_refsource_UBUNTU]
http://secunia.com/advisories/58642 [third-party-advisory, x_refsource_SECUNIA]
http://www.securityfocus.com/bid/67741 [vdb-entry, x_refsource_BID]
http://www.novell.com/support/kb/doc.php?id=7015302 [x_refsource_CONFIRM]
http://secunia.com/advisories/59057 [third-party-advisory, x_refsource_SECUNIA]
http://linux.oracle.com/errata/ELSA-2014-0595.html [x_refsource_CONFIRM]
http://secunia.com/advisories/59086 [third-party-advisory, x_refsource_SECUNIA]
https://bugzilla.redhat.com/show_bug.cgi?id=1101932 [x_refsource_CONFIRM]
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html [vendor-advisory, x_refsource_SUSE]
http://rhn.redhat.com/errata/RHSA-2014-0684.html [vendor-advisory, x_refsource_REDHAT]
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html [vendor-advisory, x_refsource_SUSE]
http://secunia.com/advisories/59021 [third-party-advisory, x_refsource_SECUNIA]
http://rhn.redhat.com/errata/RHSA-2014-0815.html [vendor-advisory, x_refsource_REDHAT]
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ [x_refsource_MISC]
http://www.novell.com/support/kb/doc.php?id=7015303 [x_refsource_CONFIRM]
http://linux.oracle.com/errata/ELSA-2014-0594.html [x_refsource_CONFIRM]
http://secunia.com/advisories/58598 [third-party-advisory, x_refsource_SECUNIA]
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155 [x_refsource_CONFIRM]
http://secunia.com/advisories/59838 [third-party-advisory, x_refsource_SECUNIA]
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html [vendor-advisory, x_refsource_SUSE]
http://secunia.com/advisories/60384 [third-party-advisory, x_refsource_SECUNIA]
http://rhn.redhat.com/errata/RHSA-2014-0594.html [vendor-advisory, x_refsource_REDHAT]
http://secunia.com/advisories/59016 [third-party-advisory, x_refsource_SECUNIA]
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html [vendor-advisory, x_refsource_SUSE]
http://secunia.com/advisories/58601 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/59408 [third-party-advisory, x_refsource_SECUNIA]
https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd [x_refsource_CONFIRM]
http://www.securitytracker.com/id/1030314 [vdb-entry, x_refsource_SECTRACK]
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.197Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
               },
               {
                  name: "DSA-2944",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-2944",
               },
               {
                  name: "58340",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58340",
               },
               {
                  name: "RHSA-2014:0595",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0595.html",
               },
               {
                  name: "USN-2229-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2229-1",
               },
               {
                  name: "58642",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58642",
               },
               {
                  name: "67741",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/67741",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015302",
               },
               {
                  name: "59057",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59057",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0595.html",
               },
               {
                  name: "59086",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59086",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
               },
               {
                  name: "SUSE-SU-2014:0758",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
               },
               {
                  name: "RHSA-2014:0684",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
               },
               {
                  name: "openSUSE-SU-2014:0763",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
               },
               {
                  name: "59021",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59021",
               },
               {
                  name: "RHSA-2014:0815",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015303",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
               },
               {
                  name: "58598",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58598",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
               },
               {
                  name: "59838",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59838",
               },
               {
                  name: "SUSE-SU-2014:0788",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
               },
               {
                  name: "60384",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60384",
               },
               {
                  name: "RHSA-2014:0594",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
               },
               {
                  name: "59016",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59016",
               },
               {
                  name: "openSUSE-SU-2014:0767",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
               },
               {
                  name: "58601",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58601",
               },
               {
                  name: "59408",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59408",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
               },
               {
                  name: "1030314",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030314",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-28T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
            },
            {
               name: "DSA-2944",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-2944",
            },
            {
               name: "58340",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58340",
            },
            {
               name: "RHSA-2014:0595",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0595.html",
            },
            {
               name: "USN-2229-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2229-1",
            },
            {
               name: "58642",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58642",
            },
            {
               name: "67741",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/67741",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015302",
            },
            {
               name: "59057",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59057",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0595.html",
            },
            {
               name: "59086",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59086",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
            },
            {
               name: "SUSE-SU-2014:0758",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
            },
            {
               name: "RHSA-2014:0684",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
            },
            {
               name: "openSUSE-SU-2014:0763",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
            },
            {
               name: "59021",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59021",
            },
            {
               name: "RHSA-2014:0815",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015303",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
            },
            {
               name: "58598",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58598",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
            },
            {
               name: "59838",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59838",
            },
            {
               name: "SUSE-SU-2014:0788",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
            },
            {
               name: "60384",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60384",
            },
            {
               name: "RHSA-2014:0594",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
            },
            {
               name: "59016",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59016",
            },
            {
               name: "openSUSE-SU-2014:0767",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
            },
            {
               name: "58601",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58601",
            },
            {
               name: "59408",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59408",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
            },
            {
               name: "1030314",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030314",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-3466",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.gnutls.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html",
                  },
                  {
                     name: "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
                     refsource: "CONFIRM",
                     url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678776",
                  },
                  {
                     name: "DSA-2944",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-2944",
                  },
                  {
                     name: "58340",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58340",
                  },
                  {
                     name: "RHSA-2014:0595",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0595.html",
                  },
                  {
                     name: "USN-2229-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2229-1",
                  },
                  {
                     name: "58642",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58642",
                  },
                  {
                     name: "67741",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/67741",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015302",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015302",
                  },
                  {
                     name: "59057",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59057",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0595.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0595.html",
                  },
                  {
                     name: "59086",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59086",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101932",
                  },
                  {
                     name: "SUSE-SU-2014:0758",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
                  },
                  {
                     name: "RHSA-2014:0684",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
                  },
                  {
                     name: "openSUSE-SU-2014:0763",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
                  },
                  {
                     name: "59021",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59021",
                  },
                  {
                     name: "RHSA-2014:0815",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
                  },
                  {
                     name: "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
                     refsource: "MISC",
                     url: "http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015303",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015303",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  },
                  {
                     name: "58598",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58598",
                  },
                  {
                     name: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
                     refsource: "CONFIRM",
                     url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096155",
                  },
                  {
                     name: "59838",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59838",
                  },
                  {
                     name: "SUSE-SU-2014:0788",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
                  },
                  {
                     name: "60384",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60384",
                  },
                  {
                     name: "RHSA-2014:0594",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
                  },
                  {
                     name: "59016",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59016",
                  },
                  {
                     name: "openSUSE-SU-2014:0767",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
                  },
                  {
                     name: "58601",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58601",
                  },
                  {
                     name: "59408",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59408",
                  },
                  {
                     name: "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
                     refsource: "CONFIRM",
                     url: "https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd",
                  },
                  {
                     name: "1030314",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030314",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3466",
      datePublished: "2014-06-03T14:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.197Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-1959
Vulnerability from cvelistv5
Published
2014-03-06 18:00
Modified
2024-08-06 09:58
Severity ?
Summary
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
References
http://www.gnutls.org/security.html (x_refsource_CONFIRM)
http://seclists.org/oss-sec/2014/q1/344 (mailing-list, x_refsource_MLIST)
http://seclists.org/oss-sec/2014/q1/345 (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/65559 (vdb-entry, x_refsource_BID)
http://www.ubuntu.com/usn/USN-2121-1 (vendor-advisory, x_refsource_UBUNTU)
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c (x_refsource_CONFIRM)
http://www.debian.org/security/2014/dsa-2866 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:58:15.628Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html",
               },
               {
                  name: "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2014/q1/344",
               },
               {
                  name: "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2014/q1/345",
               },
               {
                  name: "65559",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65559",
               },
               {
                  name: "USN-2121-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2121-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c",
               },
               {
                  name: "DSA-2866",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-2866",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-11-25T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html",
            },
            {
               name: "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2014/q1/344",
            },
            {
               name: "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2014/q1/345",
            },
            {
               name: "65559",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65559",
            },
            {
               name: "USN-2121-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2121-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c",
            },
            {
               name: "DSA-2866",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-2866",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-1959",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.gnutls.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html",
                  },
                  {
                     name: "[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2014/q1/344",
                  },
                  {
                     name: "[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2014/q1/345",
                  },
                  {
                     name: "65559",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65559",
                  },
                  {
                     name: "USN-2121-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2121-1",
                  },
                  {
                     name: "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c",
                     refsource: "CONFIRM",
                     url: "https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c",
                  },
                  {
                     name: "DSA-2866",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-2866",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-1959",
      datePublished: "2014-03-06T18:00:00",
      dateReserved: "2014-02-13T00:00:00",
      dateUpdated: "2024-08-06T09:58:15.628Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-10844
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-08-05 07:46
Summary
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
Impacted products
Vendor Product Version
[UNKNOWN] gnutls Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:46:46.944Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://eprint.iacr.org/2018/747",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
               },
               {
                  name: "RHSA-2018:3505",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3505",
               },
               {
                  name: "105138",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105138",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
               },
               {
                  name: "RHSA-2018:3050",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3050",
               },
               {
                  name: "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
               },
               {
                  name: "USN-3999-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3999-1/",
               },
               {
                  name: "FEDORA-2020-f90fb78f70",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
               },
               {
                  name: "FEDORA-2020-d14280a6e8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-08-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-385",
                     description: "CWE-385",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-08T05:06:09",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://eprint.iacr.org/2018/747",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
            },
            {
               name: "RHSA-2018:3505",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3505",
            },
            {
               name: "105138",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105138",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
            },
            {
               name: "RHSA-2018:3050",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3050",
            },
            {
               name: "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
            },
            {
               name: "USN-3999-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3999-1/",
            },
            {
               name: "FEDORA-2020-f90fb78f70",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
            },
            {
               name: "FEDORA-2020-d14280a6e8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-10844",
      datePublished: "2018-08-22T13:00:00",
      dateReserved: "2018-05-09T00:00:00",
      dateUpdated: "2024-08-05T07:46:46.944Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20232
Vulnerability from cvelistv5
Published
2021-03-12 18:25
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
References
https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 (x_refsource_MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1922275 (x_refsource_MISC)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/ (vendor-advisory, x_refsource_FEDORA)
https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://security.netapp.com/advisory/ntap-20210416-0005/ (x_refsource_CONFIRM)
https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
Impacted products
Vendor Product Version
n/a gnutls Version: gnutls 3.7.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:37:22.666Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
               },
               {
                  name: "FEDORA-2021-18bef34f05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
               },
               {
                  name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
               },
               {
                  name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "gnutls 3.7.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-30T09:06:16",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
            },
            {
               name: "FEDORA-2021-18bef34f05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
            },
            {
               name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
            },
            {
               name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-20232",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "gnutls",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "gnutls 3.7.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
                     refsource: "MISC",
                     url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
                  },
                  {
                     name: "FEDORA-2021-18bef34f05",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
                  },
                  {
                     name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210416-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
                  },
                  {
                     name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20232",
      datePublished: "2021-03-12T18:25:29",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:37:22.666Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1663
Vulnerability from cvelistv5
Published
2012-03-13 22:00
Modified
2024-08-06 19:01
Severity ?
Summary
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:01:02.915Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "gnutls-libgnutls-certificate-dos(74099)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099",
               },
               {
                  name: "24865",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/24865",
               },
               {
                  name: "[gnutls-devel] 20120224 gnutls 3.0.14",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-02-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "gnutls-libgnutls-certificate-dos(74099)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099",
            },
            {
               name: "24865",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "http://www.exploit-db.com/exploits/24865",
            },
            {
               name: "[gnutls-devel] 20120224 gnutls 3.0.14",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-1663",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "gnutls-libgnutls-certificate-dos(74099)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74099",
                  },
                  {
                     name: "24865",
                     refsource: "EXPLOIT-DB",
                     url: "http://www.exploit-db.com/exploits/24865",
                  },
                  {
                     name: "[gnutls-devel] 20120224 gnutls 3.0.14",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-1663",
      datePublished: "2012-03-13T22:00:00",
      dateReserved: "2012-03-13T00:00:00",
      dateUpdated: "2024-08-06T19:01:02.915Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1390
Vulnerability from cvelistv5
Published
2009-06-16 20:26
Modified
2024-08-07 05:13
Severity ?
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:13:25.481Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "35288",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/35288",
               },
               {
                  name: "FEDORA-2009-6465",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a",
               },
               {
                  name: "mutt-x509-security-bypass(51068)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770",
               },
               {
                  name: "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2009/06/10/2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-06-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "35288",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/35288",
            },
            {
               name: "FEDORA-2009-6465",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a",
            },
            {
               name: "mutt-x509-security-bypass(51068)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770",
            },
            {
               name: "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2009/06/10/2",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2009-1390",
      datePublished: "2009-06-16T20:26:00",
      dateReserved: "2009-04-23T00:00:00",
      dateUpdated: "2024-08-07T05:13:25.481Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2409
Vulnerability from cvelistv5
Published
2009-07-30 19:00
Modified
2024-08-07 05:52
Severity ?
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
http://secunia.com/advisories/36139 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36157 — third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 — vendor-advisory, x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 — vendor-advisory, x_refsource_MANDRIVA
https://www.debian.org/security/2009/dsa-1888 — vendor-advisory, x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 — vdb-entry, signature, x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200911-02.xml — vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/36434 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xml — vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id?1022631 — vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/42467 — third-party-advisory, x_refsource_SECUNIA
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html — mailing-list, x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-1207.html — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/36669 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-1432.html — vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/usn-810-1 — vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 — vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 — vendor-advisory, x_refsource_MANDRIVA
https://usn.ubuntu.com/810-2/ — vendor-advisory, x_refsource_UBUNTU
http://java.sun.com/javase/6/webnotes/6u17.html — x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 — vdb-entry, signature, x_refsource_OVAL
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html — mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/3126 — vdb-entry, x_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2010-0095.html — vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3184 — vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 — x_refsource_CONFIRM
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html — x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2010-0019.html — x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 — vdb-entry, signature, x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html — vendor-advisory, x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 — vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/37386 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2085 — vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2009/dsa-1874 — vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/36739 — third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT3937 — x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:52:14.899Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "36139",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36139",
               },
               {
                  name: "36157",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36157",
               },
               {
                  name: "MDVSA-2009:197",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197",
               },
               {
                  name: "MDVSA-2009:216",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
               },
               {
                  name: "DSA-1888",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2009/dsa-1888",
               },
               {
                  name: "oval:org.mitre.oval:def:8594",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594",
               },
               {
                  name: "GLSA-200911-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200911-02.xml",
               },
               {
                  name: "36434",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36434",
               },
               {
                  name: "GLSA-200912-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
               },
               {
                  name: "1022631",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022631",
               },
               {
                  name: "42467",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42467",
               },
               {
                  name: "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
               },
               {
                  name: "RHSA-2009:1207",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2009-1207.html",
               },
               {
                  name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
               },
               {
                  name: "36669",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36669",
               },
               {
                  name: "RHSA-2009:1432",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2009-1432.html",
               },
               {
                  name: "USN-810-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-810-1",
               },
               {
                  name: "oval:org.mitre.oval:def:10763",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763",
               },
               {
                  name: "MDVSA-2009:258",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258",
               },
               {
                  name: "USN-810-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/810-2/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://java.sun.com/javase/6/webnotes/6u17.html",
               },
               {
                  name: "oval:org.mitre.oval:def:7155",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155",
               },
               {
                  name: "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
               },
               {
                  name: "ADV-2010-3126",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/3126",
               },
               {
                  name: "RHSA-2010:0095",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
               },
               {
                  name: "ADV-2009-3184",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3184",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
               },
               {
                  name: "oval:org.mitre.oval:def:6631",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631",
               },
               {
                  name: "APPLE-SA-2009-11-09-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
               },
               {
                  name: "MDVSA-2010:084",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
               },
               {
                  name: "37386",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37386",
               },
               {
                  name: "ADV-2009-2085",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2085",
               },
               {
                  name: "DSA-1874",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2009/dsa-1874",
               },
               {
                  name: "36739",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36739",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT3937",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-07-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "36139",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36139",
            },
            {
               name: "36157",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36157",
            },
            {
               name: "MDVSA-2009:197",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197",
            },
            {
               name: "MDVSA-2009:216",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
            },
            {
               name: "DSA-1888",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2009/dsa-1888",
            },
            {
               name: "oval:org.mitre.oval:def:8594",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594",
            },
            {
               name: "GLSA-200911-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200911-02.xml",
            },
            {
               name: "36434",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36434",
            },
            {
               name: "GLSA-200912-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
            },
            {
               name: "1022631",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022631",
            },
            {
               name: "42467",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42467",
            },
            {
               name: "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
            },
            {
               name: "RHSA-2009:1207",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2009-1207.html",
            },
            {
               name: "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
            },
            {
               name: "36669",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36669",
            },
            {
               name: "RHSA-2009:1432",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2009-1432.html",
            },
            {
               name: "USN-810-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-810-1",
            },
            {
               name: "oval:org.mitre.oval:def:10763",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763",
            },
            {
               name: "MDVSA-2009:258",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258",
            },
            {
               name: "USN-810-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/810-2/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://java.sun.com/javase/6/webnotes/6u17.html",
            },
            {
               name: "oval:org.mitre.oval:def:7155",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155",
            },
            {
               name: "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
            },
            {
               name: "ADV-2010-3126",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/3126",
            },
            {
               name: "RHSA-2010:0095",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
            },
            {
               name: "ADV-2009-3184",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3184",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
            },
            {
               name: "oval:org.mitre.oval:def:6631",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631",
            },
            {
               name: "APPLE-SA-2009-11-09-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
            },
            {
               name: "MDVSA-2010:084",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
            },
            {
               name: "37386",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37386",
            },
            {
               name: "ADV-2009-2085",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2085",
            },
            {
               name: "DSA-1874",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2009/dsa-1874",
            },
            {
               name: "36739",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36739",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT3937",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2009-2409",
      datePublished: "2009-07-30T19:00:00",
      dateReserved: "2009-07-09T00:00:00",
      dateUpdated: "2024-08-07T05:52:14.899Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1949
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:41
Severity ?
Summary
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
References
http://secunia.com/advisories/30331 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519 — vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/31939 — third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-613-1 — vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html — vendor-advisory, x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2008-0492.html — vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2008/05/20/1 — mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-200805-20.xml — vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30355 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30317 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/492282/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2008-0489.html — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/492464/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html — mailing-list, x_refsource_MLIST
http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 — x_refsource_CONFIRM
http://secunia.com/advisories/30324 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30302 — third-party-advisory, x_refsource_SECUNIA
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html — mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2008/1583/references — vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/29292 — vdb-entry, x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html — vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/30330 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1582/references — vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2008/05/20/3 — mailing-list, x_refsource_MLIST
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174 — x_refsource_CONFIRM
http://secunia.com/advisories/30338 — third-party-advisory, x_refsource_SECUNIA
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html — mailing-list, x_refsource_MLIST
http://www.debian.org/security/2008/dsa-1581 — vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2008/05/20/2 — mailing-list, x_refsource_MLIST
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html — vendor-advisory, x_refsource_FEDORA
http://securityreason.com/securityalert/3902 — third-party-advisory, x_refsource_SREASON
https://issues.rpath.com/browse/RPL-2552 — x_refsource_CONFIRM
http://secunia.com/advisories/30287 — third-party-advisory, x_refsource_SECUNIA
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b — x_refsource_CONFIRM
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html — x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/42530 — vdb-entry, x_refsource_XF
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html — vendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id?1020058 — vdb-entry, x_refsource_SECTRACK
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 — vendor-advisory, x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/252626 — third-party-advisory, x_refsource_CERT-VN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:41:00.207Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "30331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30331",
               },
               {
                  name: "oval:org.mitre.oval:def:9519",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519",
               },
               {
                  name: "31939",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31939",
               },
               {
                  name: "USN-613-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-613-1",
               },
               {
                  name: "SUSE-SA:2008:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
               },
               {
                  name: "RHSA-2008:0492",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
               },
               {
                  name: "GLSA-200805-20",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
               },
               {
                  name: "30355",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30355",
               },
               {
                  name: "30317",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30317",
               },
               {
                  name: "20080520 Vulnerability Advisory on GnuTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
               },
               {
                  name: "RHSA-2008:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
               },
               {
                  name: "20080522 rPSA-2008-0174-1 gnutls",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
               },
               {
                  name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
               },
               {
                  name: "30324",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30324",
               },
               {
                  name: "30302",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30302",
               },
               {
                  name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
               },
               {
                  name: "ADV-2008-1583",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1583/references",
               },
               {
                  name: "29292",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29292",
               },
               {
                  name: "FEDORA-2008-4274",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
               },
               {
                  name: "30330",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30330",
               },
               {
                  name: "ADV-2008-1582",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1582/references",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
               },
               {
                  name: "30338",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30338",
               },
               {
                  name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
               },
               {
                  name: "DSA-1581",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1581",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
               },
               {
                  name: "FEDORA-2008-4259",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
               },
               {
                  name: "3902",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3902",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-2552",
               },
               {
                  name: "30287",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30287",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
               },
               {
                  name: "gnutls-gnutlsrecvclientkxmessage-bo(42530)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530",
               },
               {
                  name: "FEDORA-2008-4183",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
               },
               {
                  name: "1020058",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020058",
               },
               {
                  name: "MDVSA-2008:106",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
               },
               {
                  name: "VU#252626",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/252626",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-11T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "30331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30331",
            },
            {
               name: "oval:org.mitre.oval:def:9519",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519",
            },
            {
               name: "31939",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31939",
            },
            {
               name: "USN-613-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-613-1",
            },
            {
               name: "SUSE-SA:2008:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
            },
            {
               name: "RHSA-2008:0492",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
            },
            {
               name: "GLSA-200805-20",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
            },
            {
               name: "30355",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30355",
            },
            {
               name: "30317",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30317",
            },
            {
               name: "20080520 Vulnerability Advisory on GnuTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
            },
            {
               name: "RHSA-2008:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
            },
            {
               name: "20080522 rPSA-2008-0174-1 gnutls",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
            },
            {
               name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
            },
            {
               name: "30324",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30324",
            },
            {
               name: "30302",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30302",
            },
            {
               name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
            },
            {
               name: "ADV-2008-1583",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1583/references",
            },
            {
               name: "29292",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29292",
            },
            {
               name: "FEDORA-2008-4274",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
            },
            {
               name: "30330",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30330",
            },
            {
               name: "ADV-2008-1582",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1582/references",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
            },
            {
               name: "30338",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30338",
            },
            {
               name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
            },
            {
               name: "DSA-1581",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1581",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
            },
            {
               name: "FEDORA-2008-4259",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
            },
            {
               name: "3902",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3902",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-2552",
            },
            {
               name: "30287",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30287",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
            },
            {
               name: "gnutls-gnutlsrecvclientkxmessage-bo(42530)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530",
            },
            {
               name: "FEDORA-2008-4183",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
            },
            {
               name: "1020058",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020058",
            },
            {
               name: "MDVSA-2008:106",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
            },
            {
               name: "VU#252626",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/252626",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2008-1949",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "30331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30331",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9519",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519",
                  },
                  {
                     name: "31939",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31939",
                  },
                  {
                     name: "USN-613-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-613-1",
                  },
                  {
                     name: "SUSE-SA:2008:046",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
                  },
                  {
                     name: "RHSA-2008:0492",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
                  },
                  {
                     name: "GLSA-200805-20",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
                  },
                  {
                     name: "30355",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30355",
                  },
                  {
                     name: "30317",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30317",
                  },
                  {
                     name: "20080520 Vulnerability Advisory on GnuTLS",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
                  },
                  {
                     name: "RHSA-2008:0489",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
                  },
                  {
                     name: "20080522 rPSA-2008-0174-1 gnutls",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
                  },
                  {
                     name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
                  },
                  {
                     name: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
                  },
                  {
                     name: "30324",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30324",
                  },
                  {
                     name: "30302",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30302",
                  },
                  {
                     name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
                  },
                  {
                     name: "ADV-2008-1583",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1583/references",
                  },
                  {
                     name: "29292",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29292",
                  },
                  {
                     name: "FEDORA-2008-4274",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
                  },
                  {
                     name: "30330",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30330",
                  },
                  {
                     name: "ADV-2008-1582",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1582/references",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
                  },
                  {
                     name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
                     refsource: "CONFIRM",
                     url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
                  },
                  {
                     name: "30338",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30338",
                  },
                  {
                     name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
                  },
                  {
                     name: "DSA-1581",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1581",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
                  },
                  {
                     name: "FEDORA-2008-4259",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
                  },
                  {
                     name: "3902",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3902",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-2552",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-2552",
                  },
                  {
                     name: "30287",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30287",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
                  },
                  {
                     name: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
                     refsource: "MISC",
                     url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
                  },
                  {
                     name: "gnutls-gnutlsrecvclientkxmessage-bo(42530)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42530",
                  },
                  {
                     name: "FEDORA-2008-4183",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
                  },
                  {
                     name: "1020058",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020058",
                  },
                  {
                     name: "MDVSA-2008:106",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
                  },
                  {
                     name: "VU#252626",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/252626",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-1949",
      datePublished: "2008-05-21T10:00:00",
      dateReserved: "2008-04-24T00:00:00",
      dateUpdated: "2024-08-07T08:41:00.207Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2116
Vulnerability from cvelistv5
Published
2013-07-03 18:00
Modified
2024-08-06 15:27
Severity ?
Summary
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:27:40.995Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  name: "SUSE-SU-2013:1060",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html",
               },
               {
                  name: "57274",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57274",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
               {
                  name: "SUSE-SU-2014:0322",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
               },
               {
                  name: "MDVSA-2013:171",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171",
               },
               {
                  name: "RHSA-2013:0883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0883.html",
               },
               {
                  name: "DSA-2697",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2013/dsa-2697",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2",
               },
               {
                  name: "53911",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/53911",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d",
               },
               {
                  name: "USN-1843-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1843-1",
               },
               {
                  name: "1028603",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028603",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-05-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length.  NOTE: this might be due to an incorrect fix for CVE-2013-0169.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-03-18T11:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               name: "SUSE-SU-2013:1060",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html",
            },
            {
               name: "57274",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57274",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
            {
               name: "SUSE-SU-2014:0322",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
            },
            {
               name: "MDVSA-2013:171",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:171",
            },
            {
               name: "RHSA-2013:0883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0883.html",
            },
            {
               name: "DSA-2697",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2013/dsa-2697",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-2",
            },
            {
               name: "53911",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/53911",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d",
            },
            {
               name: "USN-1843-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1843-1",
            },
            {
               name: "1028603",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1028603",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-2116",
      datePublished: "2013-07-03T18:00:00",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:27:40.995Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3468
Vulnerability from cvelistv5
Published
2014-06-05 20:00
Modified
2024-08-06 10:43
Severity ?
Summary
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
References
http://secunia.com/advisories/60320 - third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3056 - vendor-advisory, x_refsource_DEBIAN
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f - x_refsource_CONFIRM
http://www.novell.com/support/kb/doc.php?id=7015302 - x_refsource_CONFIRM
http://secunia.com/advisories/59057 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html - vendor-advisory, x_refsource_SUSE
http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html - x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-0596.html - x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 - vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59021 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61888 - third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0247.html - x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0815.html - vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-0596.html - vendor-advisory, x_refsource_REDHAT
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html - mailing-list, x_refsource_MLIST
http://www.novell.com/support/kb/doc.php?id=7015303 - x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-0594.html - x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1102323 - x_refsource_CONFIRM
http://secunia.com/advisories/58591 - third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0687.html - vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/58614 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html - vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0594.html - vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60415 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59408 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.299Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "60320",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60320",
               },
               {
                  name: "DSA-3056",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3056",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015302",
               },
               {
                  name: "59057",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59057",
               },
               {
                  name: "SUSE-SU-2014:0758",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
               },
               {
                  name: "MDVSA-2015:116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
               },
               {
                  name: "59021",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59021",
               },
               {
                  name: "61888",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61888",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0247.html",
               },
               {
                  name: "RHSA-2014:0815",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
               },
               {
                  name: "RHSA-2014:0596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
               },
               {
                  name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015303",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
               },
               {
                  name: "58591",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58591",
               },
               {
                  name: "RHSA-2014:0687",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
               },
               {
                  name: "58614",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58614",
               },
               {
                  name: "SUSE-SU-2014:0788",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
               },
               {
                  name: "RHSA-2014:0594",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
               },
               {
                  name: "60415",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60415",
               },
               {
                  name: "59408",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59408",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-28T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "60320",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60320",
            },
            {
               name: "DSA-3056",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3056",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015302",
            },
            {
               name: "59057",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59057",
            },
            {
               name: "SUSE-SU-2014:0758",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
            },
            {
               name: "MDVSA-2015:116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
            },
            {
               name: "59021",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59021",
            },
            {
               name: "61888",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61888",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0247.html",
            },
            {
               name: "RHSA-2014:0815",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
            },
            {
               name: "RHSA-2014:0596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
            },
            {
               name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015303",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
            },
            {
               name: "58591",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58591",
            },
            {
               name: "RHSA-2014:0687",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
            },
            {
               name: "58614",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58614",
            },
            {
               name: "SUSE-SU-2014:0788",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
            },
            {
               name: "RHSA-2014:0594",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
            },
            {
               name: "60415",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60415",
            },
            {
               name: "59408",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59408",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-3468",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "60320",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60320",
                  },
                  {
                     name: "DSA-3056",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3056",
                  },
                  {
                     name: "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015302",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015302",
                  },
                  {
                     name: "59057",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59057",
                  },
                  {
                     name: "SUSE-SU-2014:0758",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
                  },
                  {
                     name: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                     refsource: "CONFIRM",
                     url: "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  },
                  {
                     name: "MDVSA-2015:116",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
                  },
                  {
                     name: "59021",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59021",
                  },
                  {
                     name: "61888",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61888",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0247.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0247.html",
                  },
                  {
                     name: "RHSA-2014:0815",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
                  },
                  {
                     name: "RHSA-2014:0596",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
                  },
                  {
                     name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015303",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015303",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
                  },
                  {
                     name: "58591",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58591",
                  },
                  {
                     name: "RHSA-2014:0687",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
                  },
                  {
                     name: "58614",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58614",
                  },
                  {
                     name: "SUSE-SU-2014:0788",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
                  },
                  {
                     name: "RHSA-2014:0594",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
                  },
                  {
                     name: "60415",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60415",
                  },
                  {
                     name: "59408",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59408",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3468",
      datePublished: "2014-06-05T20:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.299Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0092
Vulnerability from cvelistv5
Published
2014-03-06 18:00
Modified
2024-08-06 09:05
Severity ?
Summary
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
References
http://secunia.com/advisories/57321 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/57260 - third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0288.html - vendor-advisory, x_refsource_REDHAT
http://gnutls.org/security.html#GNUTLS-SA-2014-2 - x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html - vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/57274 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html - vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0247.html - vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/65919 - vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html - vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html - vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html - vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/57254 - third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0339.html - vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/56933 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html - vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0246.html - vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html - vendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1069865 - x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2127-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/57204 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html - vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/57103 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html - vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html - vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2014/dsa-2869 - vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:38.662Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57321",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57321",
               },
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  name: "RHSA-2014:0288",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0288.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
               },
               {
                  name: "SUSE-SU-2014:0445",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
               },
               {
                  name: "57274",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57274",
               },
               {
                  name: "SUSE-SU-2014:0319",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
               },
               {
                  name: "RHSA-2014:0247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
               },
               {
                  name: "65919",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65919",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
               {
                  name: "SUSE-SU-2014:0322",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
               },
               {
                  name: "SUSE-SU-2014:0324",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html",
               },
               {
                  name: "57254",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57254",
               },
               {
                  name: "RHSA-2014:0339",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
               },
               {
                  name: "56933",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56933",
               },
               {
                  name: "SUSE-SU-2014:0323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html",
               },
               {
                  name: "RHSA-2014:0246",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0246.html",
               },
               {
                  name: "SUSE-SU-2014:0321",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
               },
               {
                  name: "USN-2127-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2127-1",
               },
               {
                  name: "57204",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57204",
               },
               {
                  name: "openSUSE-SU-2014:0346",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
               },
               {
                  name: "57103",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57103",
               },
               {
                  name: "openSUSE-SU-2014:0328",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2014:0325",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html",
               },
               {
                  name: "DSA-2869",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-2869",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-03-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-11-25T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "57321",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57321",
            },
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               name: "RHSA-2014:0288",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0288.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
            },
            {
               name: "SUSE-SU-2014:0445",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
            },
            {
               name: "57274",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57274",
            },
            {
               name: "SUSE-SU-2014:0319",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
            },
            {
               name: "RHSA-2014:0247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
            },
            {
               name: "65919",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65919",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
            {
               name: "SUSE-SU-2014:0322",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
            },
            {
               name: "SUSE-SU-2014:0324",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html",
            },
            {
               name: "57254",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57254",
            },
            {
               name: "RHSA-2014:0339",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
            },
            {
               name: "56933",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56933",
            },
            {
               name: "SUSE-SU-2014:0323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html",
            },
            {
               name: "RHSA-2014:0246",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0246.html",
            },
            {
               name: "SUSE-SU-2014:0321",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
            },
            {
               name: "USN-2127-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2127-1",
            },
            {
               name: "57204",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57204",
            },
            {
               name: "openSUSE-SU-2014:0346",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
            },
            {
               name: "57103",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57103",
            },
            {
               name: "openSUSE-SU-2014:0328",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html",
            },
            {
               name: "openSUSE-SU-2014:0325",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html",
            },
            {
               name: "DSA-2869",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-2869",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-0092",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57321",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57321",
                  },
                  {
                     name: "57260",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57260",
                  },
                  {
                     name: "RHSA-2014:0288",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0288.html",
                  },
                  {
                     name: "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
                     refsource: "CONFIRM",
                     url: "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
                  },
                  {
                     name: "SUSE-SU-2014:0445",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html",
                  },
                  {
                     name: "57274",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57274",
                  },
                  {
                     name: "SUSE-SU-2014:0319",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html",
                  },
                  {
                     name: "RHSA-2014:0247",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0247.html",
                  },
                  {
                     name: "65919",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65919",
                  },
                  {
                     name: "SUSE-SU-2014:0320",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
                  },
                  {
                     name: "SUSE-SU-2014:0322",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
                  },
                  {
                     name: "SUSE-SU-2014:0324",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html",
                  },
                  {
                     name: "57254",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57254",
                  },
                  {
                     name: "RHSA-2014:0339",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
                  },
                  {
                     name: "56933",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/56933",
                  },
                  {
                     name: "SUSE-SU-2014:0323",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html",
                  },
                  {
                     name: "RHSA-2014:0246",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0246.html",
                  },
                  {
                     name: "SUSE-SU-2014:0321",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
                  },
                  {
                     name: "USN-2127-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2127-1",
                  },
                  {
                     name: "57204",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57204",
                  },
                  {
                     name: "openSUSE-SU-2014:0346",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
                  },
                  {
                     name: "57103",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57103",
                  },
                  {
                     name: "openSUSE-SU-2014:0328",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html",
                  },
                  {
                     name: "openSUSE-SU-2014:0325",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html",
                  },
                  {
                     name: "DSA-2869",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-2869",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0092",
      datePublished: "2014-03-06T18:00:00",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:38.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4209
Vulnerability from cvelistv5
Published
2022-08-24 15:07
Modified
2024-08-03 17:16
Severity ?
Summary
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Impacted products
Vendor Product Version
n/a GnuTLS Version: Fixed in gnutls v3.7.3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.444Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/issues/1306",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-4209",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220915-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GnuTLS",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in gnutls v3.7.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 - NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-15T17:06:40",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/-/issues/1306",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2021-4209",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220915-0005/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-4209",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "GnuTLS",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in gnutls v3.7.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-476 - NULL Pointer Dereference",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://gitlab.com/gnutls/gnutls/-/issues/1306",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/-/issues/1306",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
                  },
                  {
                     name: "https://access.redhat.com/security/cve/CVE-2021-4209",
                     refsource: "MISC",
                     url: "https://access.redhat.com/security/cve/CVE-2021-4209",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220915-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220915-0005/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-4209",
      datePublished: "2022-08-24T15:07:31",
      dateReserved: "2022-01-24T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.444Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4456
Vulnerability from cvelistv5
Published
2017-08-08 21:00
Modified
2024-08-06 00:32
Severity ?
Summary
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:32:25.569Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343505",
               },
               {
                  name: "[oss-security] 20160607 Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/07/6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-08T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343505",
            },
            {
               name: "[oss-security] 20160607 Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/07/6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-4456",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1343505",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343505",
                  },
                  {
                     name: "[oss-security] 20160607 Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/07/6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-4456",
      datePublished: "2017-08-08T21:00:00",
      dateReserved: "2016-05-02T00:00:00",
      dateUpdated: "2024-08-06T00:32:25.569Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8155
Vulnerability from cvelistv5
Published
2015-08-14 18:00
Modified
2024-08-06 13:10
Severity ?
Summary
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:10:50.869Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "73317",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/73317",
               },
               {
                  name: "RHSA-2015:1457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.f5.com/csp/article/K53330207",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-04-08T21:06:04",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "73317",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/73317",
            },
            {
               name: "RHSA-2015:1457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1457.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.f5.com/csp/article/K53330207",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-8155",
      datePublished: "2015-08-14T18:00:00",
      dateReserved: "2014-10-10T00:00:00",
      dateUpdated: "2024-08-06T13:10:50.869Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4466
Vulnerability from cvelistv5
Published
2013-11-19 19:00
Modified
2024-09-16 20:21
Severity ?
Summary
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:14.567Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/10/25/2",
               },
               {
                  name: "[gnutls-devel] 20131023 gnutls 3.2.5",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3",
               },
               {
                  name: "[gnutls-devel] 20131023 gnutls 3.1.15",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-11-19T19:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/10/25/2",
            },
            {
               name: "[gnutls-devel] 20131023 gnutls 3.2.5",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3",
            },
            {
               name: "[gnutls-devel] 20131023 gnutls 3.1.15",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2013-4466",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20131024 Re: CVE Request: gnutls/libdane buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2013/10/25/2",
                  },
                  {
                     name: "[gnutls-devel] 20131023 gnutls 3.2.5",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050",
                  },
                  {
                     name: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-3",
                  },
                  {
                     name: "[gnutls-devel] 20131023 gnutls 3.1.15",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4466",
      datePublished: "2013-11-19T19:00:00Z",
      dateReserved: "2013-06-12T00:00:00Z",
      dateUpdated: "2024-09-16T20:21:16.336Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4487
Vulnerability from cvelistv5
Published
2013-11-19 19:00
Modified
2024-09-16 21:09
Severity ?
Summary
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:14.929Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2013:1714",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html",
               },
               {
                  name: "[oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/10/31/4",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.  NOTE: this issue is due to an incomplete fix for CVE-2013-4466.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-11-19T19:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openSUSE-SU-2013:1714",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html",
            },
            {
               name: "[oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/10/31/4",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2013-4487",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.  NOTE: this issue is due to an incomplete fix for CVE-2013-4466.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2013:1714",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html",
                  },
                  {
                     name: "[oss-security] 20131031 Re: CVE Request: gnutls/libdane buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2013/10/31/4",
                  },
                  {
                     name: "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc",
                     refsource: "CONFIRM",
                     url: "https://gitorious.org/gnutls/gnutls/commit/0dd5529509e46b11d5c0f3f26f99294e0e5fa6dc",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4487",
      datePublished: "2013-11-19T19:00:00Z",
      dateReserved: "2013-06-12T00:00:00Z",
      dateUpdated: "2024-09-16T21:09:04.901Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20231
Vulnerability from cvelistv5
Published
2021-03-12 18:23
Modified
2024-08-03 17:30
Severity ?
Summary
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1922276 (x_refsource_MISC)
https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 (x_refsource_MISC)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/ (vendor-advisory, x_refsource_FEDORA)
https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://security.netapp.com/advisory/ntap-20210416-0005/ (x_refsource_CONFIRM)
https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E (mailing-list, x_refsource_MLIST)
Impacted products
Vendor Product Version
n/a gnutls Version: gnutls 3.7.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:30:07.517Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
               },
               {
                  name: "FEDORA-2021-18bef34f05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
               },
               {
                  name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
               },
               {
                  name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
               },
               {
                  name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "gnutls 3.7.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-30T09:06:16",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
            },
            {
               name: "FEDORA-2021-18bef34f05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
            },
            {
               name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
            },
            {
               name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E",
            },
            {
               name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-20231",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "gnutls",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "gnutls 3.7.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
                  },
                  {
                     name: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
                     refsource: "MISC",
                     url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10",
                  },
                  {
                     name: "FEDORA-2021-18bef34f05",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
                  },
                  {
                     name: "[spark-issues] 20210413 [jira] [Created] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210416-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210416-0005/",
                  },
                  {
                     name: "[spark-issues] 20210417 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210423 [jira] [Resolved] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210425 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210426 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210426 [jira] [Updated] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210429 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E",
                  },
                  {
                     name: "[spark-issues] 20210430 [jira] [Commented] (SPARK-35054) Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-20231",
      datePublished: "2021-03-12T18:23:59",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-03T17:30:07.517Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-3836
Vulnerability from cvelistv5
Published
2019-04-01 14:16
Modified
2024-08-04 19:19
Summary
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
Impacted products
Vendor Product Version
gnutls gnutls Version: fixed in gnutls 3.6.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:19:18.612Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/issues/704",
               },
               {
                  name: "FEDORA-2019-46df367eed",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
               },
               {
                  name: "GLSA-201904-14",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201904-14",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190502-0005/",
               },
               {
                  name: "openSUSE-SU-2019:1353",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
               },
               {
                  name: "USN-3999-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3999-1/",
               },
               {
                  name: "RHSA-2019:3600",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3600",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "gnutls",
               versions: [
                  {
                     status: "affected",
                     version: "fixed in gnutls 3.6.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-456",
                     description: "CWE-456",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T00:08:11",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/issues/704",
            },
            {
               name: "FEDORA-2019-46df367eed",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
            },
            {
               name: "GLSA-201904-14",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201904-14",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20190502-0005/",
            },
            {
               name: "openSUSE-SU-2019:1353",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
            },
            {
               name: "USN-3999-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3999-1/",
            },
            {
               name: "RHSA-2019:3600",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3600",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2019-3836",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "gnutls",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "fixed in gnutls 3.6.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "gnutls",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-456",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3836",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/issues/704",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/issues/704",
                  },
                  {
                     name: "FEDORA-2019-46df367eed",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/",
                  },
                  {
                     name: "GLSA-201904-14",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201904-14",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20190502-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20190502-0005/",
                  },
                  {
                     name: "openSUSE-SU-2019:1353",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html",
                  },
                  {
                     name: "USN-3999-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3999-1/",
                  },
                  {
                     name: "RHSA-2019:3600",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3600",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-3836",
      datePublished: "2019-04-01T14:16:51",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-08-04T19:19:18.612Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3469
Vulnerability from cvelistv5
Published
2014-06-05 20:00
Modified
2024-08-06 10:43
Severity ?
Summary
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
References
http://secunia.com/advisories/60320 — third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2014/dsa-3056 — vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/support/kb/doc.php?id=7015302 — x_refsource_CONFIRM
http://secunia.com/advisories/59057 — third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html — vendor-advisory, x_refsource_SUSE
http://linux.oracle.com/errata/ELSA-2014-0596.html — x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 — vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/59021 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/61888 — third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0247.html — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0815.html — vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1102329 — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0596.html — vendor-advisory, x_refsource_REDHAT
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html — mailing-list, x_refsource_MLIST
http://www.novell.com/support/kb/doc.php?id=7015303 — x_refsource_CONFIRM
http://linux.oracle.com/errata/ELSA-2014-0594.html — x_refsource_CONFIRM
http://secunia.com/advisories/58591 — third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0687.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/58614 — third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html — vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0594.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60415 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59408 — third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.230Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "60320",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60320",
               },
               {
                  name: "DSA-3056",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3056",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015302",
               },
               {
                  name: "59057",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59057",
               },
               {
                  name: "SUSE-SU-2014:0758",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
               },
               {
                  name: "MDVSA-2015:116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
               },
               {
                  name: "59021",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59021",
               },
               {
                  name: "61888",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61888",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0247.html",
               },
               {
                  name: "RHSA-2014:0815",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
               },
               {
                  name: "RHSA-2014:0596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
               },
               {
                  name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/support/kb/doc.php?id=7015303",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
               },
               {
                  name: "58591",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58591",
               },
               {
                  name: "RHSA-2014:0687",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
               },
               {
                  name: "58614",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58614",
               },
               {
                  name: "SUSE-SU-2014:0788",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
               },
               {
                  name: "RHSA-2014:0594",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
               },
               {
                  name: "60415",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60415",
               },
               {
                  name: "59408",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59408",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-28T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "60320",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60320",
            },
            {
               name: "DSA-3056",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3056",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015302",
            },
            {
               name: "59057",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59057",
            },
            {
               name: "SUSE-SU-2014:0758",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
            },
            {
               name: "MDVSA-2015:116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
            },
            {
               name: "59021",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59021",
            },
            {
               name: "61888",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61888",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://advisories.mageia.org/MGASA-2014-0247.html",
            },
            {
               name: "RHSA-2014:0815",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
            },
            {
               name: "RHSA-2014:0596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
            },
            {
               name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.novell.com/support/kb/doc.php?id=7015303",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
            },
            {
               name: "58591",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58591",
            },
            {
               name: "RHSA-2014:0687",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
            },
            {
               name: "58614",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58614",
            },
            {
               name: "SUSE-SU-2014:0788",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
            },
            {
               name: "RHSA-2014:0594",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
            },
            {
               name: "60415",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60415",
            },
            {
               name: "59408",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59408",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-3469",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "60320",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60320",
                  },
                  {
                     name: "DSA-3056",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3056",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015302",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015302",
                  },
                  {
                     name: "59057",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59057",
                  },
                  {
                     name: "SUSE-SU-2014:0758",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  },
                  {
                     name: "MDVSA-2015:116",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116",
                  },
                  {
                     name: "59021",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59021",
                  },
                  {
                     name: "61888",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61888",
                  },
                  {
                     name: "http://advisories.mageia.org/MGASA-2014-0247.html",
                     refsource: "CONFIRM",
                     url: "http://advisories.mageia.org/MGASA-2014-0247.html",
                  },
                  {
                     name: "RHSA-2014:0815",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0815.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
                  },
                  {
                     name: "RHSA-2014:0596",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0596.html",
                  },
                  {
                     name: "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html",
                  },
                  {
                     name: "http://www.novell.com/support/kb/doc.php?id=7015303",
                     refsource: "CONFIRM",
                     url: "http://www.novell.com/support/kb/doc.php?id=7015303",
                  },
                  {
                     name: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                     refsource: "CONFIRM",
                     url: "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  },
                  {
                     name: "58591",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58591",
                  },
                  {
                     name: "RHSA-2014:0687",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0687.html",
                  },
                  {
                     name: "58614",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58614",
                  },
                  {
                     name: "SUSE-SU-2014:0788",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html",
                  },
                  {
                     name: "RHSA-2014:0594",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0594.html",
                  },
                  {
                     name: "60415",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60415",
                  },
                  {
                     name: "59408",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59408",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3469",
      datePublished: "2014-06-05T20:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.230Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1417
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
Summary
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/50261 - vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1022159 - vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2009/1218 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/34783 - vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200905-04.xml - vendor-advisory, x_refsource_GENTOO
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517 - mailing-list, x_refsource_MLIST
http://secunia.com/advisories/34842 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35211 - third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 - vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:13:25.537Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "gnutls-gnutlscli-spoofing(50261)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261",
               },
               {
                  name: "1022159",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022159",
               },
               {
                  name: "ADV-2009-1218",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1218",
               },
               {
                  name: "34783",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/34783",
               },
               {
                  name: "GLSA-200905-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
               },
               {
                  name: "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517",
               },
               {
                  name: "34842",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34842",
               },
               {
                  name: "35211",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35211",
               },
               {
                  name: "MDVSA-2009:116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-04-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "gnutls-gnutlscli-spoofing(50261)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261",
            },
            {
               name: "1022159",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022159",
            },
            {
               name: "ADV-2009-1218",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1218",
            },
            {
               name: "34783",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/34783",
            },
            {
               name: "GLSA-200905-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
            },
            {
               name: "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517",
            },
            {
               name: "34842",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34842",
            },
            {
               name: "35211",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35211",
            },
            {
               name: "MDVSA-2009:116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-1417",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "gnutls-gnutlscli-spoofing(50261)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261",
                  },
                  {
                     name: "1022159",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022159",
                  },
                  {
                     name: "ADV-2009-1218",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/1218",
                  },
                  {
                     name: "34783",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/34783",
                  },
                  {
                     name: "GLSA-200905-04",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
                  },
                  {
                     name: "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517",
                  },
                  {
                     name: "34842",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/34842",
                  },
                  {
                     name: "35211",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/35211",
                  },
                  {
                     name: "MDVSA-2009:116",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-1417",
      datePublished: "2009-04-30T20:00:00",
      dateReserved: "2009-04-24T00:00:00",
      dateUpdated: "2024-08-07T05:13:25.537Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-6251
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 07:15
Severity ?
Summary
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:15:13.264Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
               },
               {
                  name: "openSUSE-SU-2015:1499",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html",
               },
               {
                  name: "1033226",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1033226",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
               },
               {
                  name: "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/08/10/1",
               },
               {
                  name: "76267",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/76267",
               },
               {
                  name: "FEDORA-2015-13287",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
               },
               {
                  name: "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/08/17/6",
               },
               {
                  name: "DSA-3334",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3334",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-08-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-22T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
            },
            {
               name: "openSUSE-SU-2015:1499",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html",
            },
            {
               name: "1033226",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1033226",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
            },
            {
               name: "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/08/10/1",
            },
            {
               name: "76267",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/76267",
            },
            {
               name: "FEDORA-2015-13287",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
            },
            {
               name: "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/08/17/6",
            },
            {
               name: "DSA-3334",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3334",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-6251",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1251902",
                  },
                  {
                     name: "openSUSE-SU-2015:1499",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html",
                  },
                  {
                     name: "1033226",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1033226",
                  },
                  {
                     name: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html#GNUTLS-SA-2015-3",
                  },
                  {
                     name: "[oss-security] 20150810 CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/08/10/1",
                  },
                  {
                     name: "76267",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/76267",
                  },
                  {
                     name: "FEDORA-2015-13287",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12",
                  },
                  {
                     name: "[oss-security] 20150817 Re: CVE request: GNUTLS-SA-2015-3 double free in certificate DN decoding",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/08/17/6",
                  },
                  {
                     name: "DSA-3334",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3334",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-6251",
      datePublished: "2015-08-24T14:00:00",
      dateReserved: "2015-08-17T00:00:00",
      dateUpdated: "2024-08-06T07:15:13.264Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7869
Vulnerability from cvelistv5
Published
2017-04-14 04:30
Modified
2024-08-05 16:19
Severity ?
Summary
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:19:29.291Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security.html",
               },
               {
                  name: "97040",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97040",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-04-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.gnutls.org/security.html",
            },
            {
               name: "97040",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97040",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-7869",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
                  },
                  {
                     name: "RHSA-2017:2292",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2292",
                  },
                  {
                     name: "https://www.gnutls.org/security.html",
                     refsource: "CONFIRM",
                     url: "https://www.gnutls.org/security.html",
                  },
                  {
                     name: "97040",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/97040",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-7869",
      datePublished: "2017-04-14T04:30:00",
      dateReserved: "2017-04-14T00:00:00",
      dateUpdated: "2024-08-05T16:19:29.291Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-10845
Vulnerability from cvelistv5
Published
2018-08-22 13:00
Modified
2024-08-05 07:46
Summary
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
Impacted products
Vendor Product Version
[UNKNOWN] gnutls Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:46:47.470Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://eprint.iacr.org/2018/747",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
               },
               {
                  name: "RHSA-2018:3505",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3505",
               },
               {
                  name: "105138",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105138",
               },
               {
                  name: "RHSA-2018:3050",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3050",
               },
               {
                  name: "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
               },
               {
                  name: "USN-3999-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3999-1/",
               },
               {
                  name: "FEDORA-2020-f90fb78f70",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
               },
               {
                  name: "FEDORA-2020-d14280a6e8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-08-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-385",
                     description: "CWE-385",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-08T05:06:08",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://eprint.iacr.org/2018/747",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/merge_requests/657",
            },
            {
               name: "RHSA-2018:3505",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3505",
            },
            {
               name: "105138",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105138",
            },
            {
               name: "RHSA-2018:3050",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3050",
            },
            {
               name: "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html",
            },
            {
               name: "USN-3999-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3999-1/",
            },
            {
               name: "FEDORA-2020-f90fb78f70",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
            },
            {
               name: "FEDORA-2020-d14280a6e8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-10845",
      datePublished: "2018-08-22T13:00:00",
      dateReserved: "2018-05-09T00:00:00",
      dateUpdated: "2024-08-05T07:46:47.470Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-5981
Vulnerability from cvelistv5
Published
2023-11-28 11:49
Modified
2024-11-23 00:09
Summary
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
References
https://access.redhat.com/errata/RHSA-2024:0155 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2024:0319 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2024:0399 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2024:0451 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2024:0533 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2024:1383 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2024:2094 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2023-5981 (vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2248445 (issue-tracking, x_refsource_REDHAT)
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
    cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.6.16-8.el8_9   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
    cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:3.6.16-5.el8_6.2   < *
    cpe:/a:redhat:rhel_eus:8.6::appstream
    cpe:/o:redhat:rhel_eus:8.6::baseos
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:3.6.16-7.el8_8.1   < *
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.7.6-23.el9_3.3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
    cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:3.7.6-21.el9_2.1   < *
    cpe:/a:redhat:rhel_eus:9.2::appstream
    cpe:/o:redhat:rhel_eus:9.2::baseos
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-37   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-68   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-39   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-58   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-13   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-81   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-79   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-22   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-57   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-6   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-15   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-54   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-10   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-26   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-19   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-158   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-21   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.0-103   < *
    cpe:/a:redhat:openshift_data_foundation:4.15::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-22   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-11   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v6.8.1-407   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-19   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.0.0-479   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-7   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.4.0-247   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-5   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v1.1.0-227   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.1-470   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v2.9.6-14   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-2   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-24   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v5.8.6-10   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-525   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.1.0-224   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat RHOL-5.8-RHEL-9 Unaffected: v0.28.1-56   < *
    cpe:/a:redhat:logging:5.8::el9
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:14:25.155Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/19/3",
               },
               {
                  name: "RHSA-2024:0155",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0155",
               },
               {
                  name: "RHSA-2024:0319",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0319",
               },
               {
                  name: "RHSA-2024:0399",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0399",
               },
               {
                  name: "RHSA-2024:0451",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0451",
               },
               {
                  name: "RHSA-2024:0533",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:0533",
               },
               {
                  name: "RHSA-2024:1383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:1383",
               },
               {
                  name: "RHSA-2024:2094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2024:2094",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2023-5981",
               },
               {
                  name: "RHBZ#2248445",
                  tags: [
                     "issue-tracking",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248445",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:8::appstream",
                  "cpe:/o:redhat:enterprise_linux:8::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-8.el8_9",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:8::appstream",
                  "cpe:/o:redhat:enterprise_linux:8::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-8.el8_9",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:rhel_eus:8.6::appstream",
                  "cpe:/o:redhat:rhel_eus:8.6::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8.6 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-5.el8_6.2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:rhel_eus:8.8::baseos",
                  "cpe:/a:redhat:rhel_eus:8.8::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 8.8 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.6.16-7.el8_8.1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:9::baseos",
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-23.el9_3.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:9::baseos",
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-23.el9_3.3",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:rhel_eus:9.2::appstream",
                  "cpe:/o:redhat:rhel_eus:9.2::baseos",
               ],
               defaultStatus: "affected",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 9.2 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:3.7.6-21.el9_2.1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/cephcsi-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-37",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-core-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-68",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/mcg-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-39",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-58",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-client-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-13",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-metrics-exporter-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-81",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/ocs-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-79",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-cli-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-22",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-57",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-cosi-sidecar-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-6",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-15",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-csi-addons-sidecar-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-15",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-console-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-54",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-multicluster-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-must-gather-rhel9",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-26",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odf-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-19",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-cluster-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-hub-operator-bundle",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-158",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/odr-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-21",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:openshift_data_foundation:4.15::el9",
               ],
               defaultStatus: "affected",
               packageName: "odf4/rook-ceph-rhel9-operator",
               product: "RHODF-4.15-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v4.15.0-103",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/cluster-logging-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-22",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/cluster-logging-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-11",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch6-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v6.8.1-407",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-19",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-proxy-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v1.0.0-479",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/elasticsearch-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-7",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/eventrouter-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.4.0-247",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/fluentd-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-5",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/log-file-metric-exporter-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v1.1.0-227",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-curator5-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.1-470",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-loki-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v2.9.6-14",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/logging-view-plugin-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-2",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/loki-operator-bundle",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-24",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/loki-rhel9-operator",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v5.8.6-10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/lokistack-gateway-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.1.0-525",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/opa-openshift-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.1.0-224",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://catalog.redhat.com/software/containers/",
               cpes: [
                  "cpe:/a:redhat:logging:5.8::el9",
               ],
               defaultStatus: "affected",
               packageName: "openshift-logging/vector-rhel9",
               product: "RHOL-5.8-RHEL-9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "v0.28.1-56",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:6",
               ],
               defaultStatus: "unknown",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 6",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "gnutls",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "This issue was discovered by Daiki Ueno (Red Hat).",
            },
         ],
         datePublic: "2023-11-15T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-203",
                     description: "Observable Discrepancy",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-23T00:09:08.520Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:0155",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0155",
            },
            {
               name: "RHSA-2024:0319",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0319",
            },
            {
               name: "RHSA-2024:0399",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0399",
            },
            {
               name: "RHSA-2024:0451",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0451",
            },
            {
               name: "RHSA-2024:0533",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:0533",
            },
            {
               name: "RHSA-2024:1383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:1383",
            },
            {
               name: "RHSA-2024:2094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:2094",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2023-5981",
            },
            {
               name: "RHBZ#2248445",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248445",
            },
            {
               url: "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-11-07T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2023-11-15T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Gnutls: timing side-channel in the rsa-psk authentication",
         workarounds: [
            {
               lang: "en",
               value: "To address the issue found upgrade to GnuTLS 3.8.2 or later versions.",
            },
         ],
         x_redhatCweChain: "CWE-1300->CWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2023-5981",
      datePublished: "2023-11-28T11:49:50.138Z",
      dateReserved: "2023-11-07T08:05:10.875Z",
      dateUpdated: "2024-11-23T00:09:08.520Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-7444
Vulnerability from cvelistv5
Published
2016-09-27 15:00
Modified
2024-08-06 01:57
Severity ?
Summary
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:57:47.621Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "92893",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/92893",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  name: "openSUSE-SU-2017:0386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
               },
               {
                  name: "[gnutls-devel] 20160902 OCSP certificate check",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-09-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               name: "92893",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/92893",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               name: "openSUSE-SU-2017:0386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
            },
            {
               name: "[gnutls-devel] 20160902 OCSP certificate check",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.gnutls.org/security.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2016-7444",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "92893",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/92893",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
                     refsource: "CONFIRM",
                     url: "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
                  },
                  {
                     name: "RHSA-2017:2292",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2292",
                  },
                  {
                     name: "openSUSE-SU-2017:0386",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html",
                  },
                  {
                     name: "[gnutls-devel] 20160902 OCSP certificate check",
                     refsource: "MLIST",
                     url: "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html",
                  },
                  {
                     name: "https://www.gnutls.org/security.html",
                     refsource: "CONFIRM",
                     url: "https://www.gnutls.org/security.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2016-7444",
      datePublished: "2016-09-27T15:00:00",
      dateReserved: "2016-09-09T00:00:00",
      dateUpdated: "2024-08-06T01:57:47.621Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11501
Vulnerability from cvelistv5
Published
2020-04-03 12:42
Modified
2024-08-04 11:35
Severity ?
Summary
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:35:12.441Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "GLSA-202004-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202004-06",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/issues/960",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31",
               },
               {
                  name: "DSA-4652",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4652",
               },
               {
                  name: "openSUSE-SU-2020:0501",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200416-0002/",
               },
               {
                  name: "USN-4322-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4322-1/",
               },
               {
                  name: "FEDORA-2020-f90fb78f70",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
               },
               {
                  name: "FEDORA-2020-d14280a6e8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-12T22:36:56",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "GLSA-202004-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202004-06",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/-/issues/960",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31",
            },
            {
               name: "DSA-4652",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4652",
            },
            {
               name: "openSUSE-SU-2020:0501",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200416-0002/",
            },
            {
               name: "USN-4322-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4322-1/",
            },
            {
               name: "FEDORA-2020-f90fb78f70",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
            },
            {
               name: "FEDORA-2020-d14280a6e8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11501",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "GLSA-202004-06",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202004-06",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/-/issues/960",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/-/issues/960",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2",
                  },
                  {
                     name: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31",
                     refsource: "MISC",
                     url: "https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31",
                  },
                  {
                     name: "DSA-4652",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4652",
                  },
                  {
                     name: "openSUSE-SU-2020:0501",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200416-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200416-0002/",
                  },
                  {
                     name: "USN-4322-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4322-1/",
                  },
                  {
                     name: "FEDORA-2020-f90fb78f70",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/",
                  },
                  {
                     name: "FEDORA-2020-d14280a6e8",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11501",
      datePublished: "2020-04-03T12:42:28",
      dateReserved: "2020-04-03T00:00:00",
      dateUpdated: "2024-08-04T11:35:12.441Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-4790
Vulnerability from cvelistv5
Published
2006-09-14 19:00
Modified
2024-08-07 19:23
Severity ?
Summary
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
References
http://secunia.com/advisories/25762 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22992 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21937 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22049 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016844 - vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3899 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/20027 - vdb-entry, x_refsource_BID
http://www.novell.com/linux/security/advisories/2006_23_sr.html - vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:166 - vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2006-0680.html - vendor-advisory, x_refsource_REDHAT
http://www.gnu.org/software/gnutls/security.html - x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937 - vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1 - vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2006/3635 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21942 - third-party-advisory, x_refsource_SECUNIA
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html - mailing-list, x_refsource_MLIST
http://secunia.com/advisories/22080 - third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200609-15.xml - vendor-advisory, x_refsource_GENTOO
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html - vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2006/dsa-1182 - vendor-advisory, x_refsource_DEBIAN
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm - x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/28953 - vdb-entry, x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 - vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21973 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22226 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22084 - third-party-advisory, x_refsource_SECUNIA
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html - mailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/usn-348-1 - vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2007/2289 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22097 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T19:23:41.157Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "25762",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25762",
               },
               {
                  name: "22992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22992",
               },
               {
                  name: "21937",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/21937",
               },
               {
                  name: "22049",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22049",
               },
               {
                  name: "1016844",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1016844",
               },
               {
                  name: "ADV-2006-3899",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/3899",
               },
               {
                  name: "20027",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/20027",
               },
               {
                  name: "SUSE-SR:2006:023",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_23_sr.html",
               },
               {
                  name: "MDKSA-2006:166",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166",
               },
               {
                  name: "RHSA-2006:0680",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0680.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  name: "oval:org.mitre.oval:def:9937",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937",
               },
               {
                  name: "102970",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1",
               },
               {
                  name: "ADV-2006-3635",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/3635",
               },
               {
                  name: "21942",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/21942",
               },
               {
                  name: "[gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html",
               },
               {
                  name: "22080",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22080",
               },
               {
                  name: "GLSA-200609-15",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200609-15.xml",
               },
               {
                  name: "SUSE-SA:2007:010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html",
               },
               {
                  name: "DSA-1182",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2006/dsa-1182",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
               },
               {
                  name: "gnutls-rsakey-security-bypass(28953)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953",
               },
               {
                  name: "102648",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1",
               },
               {
                  name: "21973",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/21973",
               },
               {
                  name: "22226",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22226",
               },
               {
                  name: "22084",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22084",
               },
               {
                  name: "[gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html",
               },
               {
                  name: "USN-348-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-348-1",
               },
               {
                  name: "ADV-2007-2289",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2289",
               },
               {
                  name: "22097",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22097",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-09-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "25762",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25762",
            },
            {
               name: "22992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22992",
            },
            {
               name: "21937",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/21937",
            },
            {
               name: "22049",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22049",
            },
            {
               name: "1016844",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1016844",
            },
            {
               name: "ADV-2006-3899",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/3899",
            },
            {
               name: "20027",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/20027",
            },
            {
               name: "SUSE-SR:2006:023",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_23_sr.html",
            },
            {
               name: "MDKSA-2006:166",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:166",
            },
            {
               name: "RHSA-2006:0680",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0680.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               name: "oval:org.mitre.oval:def:9937",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9937",
            },
            {
               name: "102970",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1",
            },
            {
               name: "ADV-2006-3635",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/3635",
            },
            {
               name: "21942",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/21942",
            },
            {
               name: "[gnutls-dev] 20060908 Variant of Bleichenbacher's crypto 06 rump session attack",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html",
            },
            {
               name: "22080",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22080",
            },
            {
               name: "GLSA-200609-15",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200609-15.xml",
            },
            {
               name: "SUSE-SA:2007:010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html",
            },
            {
               name: "DSA-1182",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2006/dsa-1182",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
            },
            {
               name: "gnutls-rsakey-security-bypass(28953)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/28953",
            },
            {
               name: "102648",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1",
            },
            {
               name: "21973",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/21973",
            },
            {
               name: "22226",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22226",
            },
            {
               name: "22084",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22084",
            },
            {
               name: "[gnutls-dev] 20060912 Re: Variant of Bleichenbacher's crypto 06 rump session attack",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html",
            },
            {
               name: "USN-348-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-348-1",
            },
            {
               name: "ADV-2007-2289",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2289",
            },
            {
               name: "22097",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22097",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2006-4790",
      datePublished: "2006-09-14T19:00:00",
      dateReserved: "2006-09-13T00:00:00",
      dateUpdated: "2024-08-07T19:23:41.157Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1573
Vulnerability from cvelistv5
Published
2012-03-26 19:00
Modified
2024-08-06 19:01
Severity ?
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
References
http://www.ubuntu.com/usn/USN-1418-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/57260 - third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0531.html - vendor-advisory, x_refsource_REDHAT
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912 - mailing-list, x_refsource_MLIST
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185 - x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=805432 - x_refsource_CONFIRM
http://secunia.com/advisories/48511 - third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/80259 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/52667 - vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2012/03/21/5 - mailing-list, x_refsource_MLIST
http://secunia.com/advisories/48488 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/48712 - third-party-advisory, x_refsource_SECUNIA
http://www.gnu.org/software/gnutls/security.html - x_refsource_CONFIRM
http://www.securitytracker.com/id?1026828 - vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html - vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html - vendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2012-0488.html - vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html - vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/48596 - third-party-advisory, x_refsource_SECUNIA
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ - x_refsource_MISC
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d - x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/03/21/4 - mailing-list, x_refsource_MLIST
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910 - mailing-list, x_refsource_MLIST
http://www.debian.org/security/2012/dsa-2441 - vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2012:040 - vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-0429.html - vendor-advisory, x_refsource_REDHAT
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html - mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:01:01.946Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-1418-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1418-1",
               },
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  name: "RHSA-2012:0531",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
               },
               {
                  name: "[gnutls-devel] 20120302 gnutls 3.0.15",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
               },
               {
                  name: "48511",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48511",
               },
               {
                  name: "80259",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80259",
               },
               {
                  name: "52667",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/52667",
               },
               {
                  name: "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
               },
               {
                  name: "48488",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48488",
               },
               {
                  name: "48712",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48712",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnu.org/software/gnutls/security.html",
               },
               {
                  name: "1026828",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1026828",
               },
               {
                  name: "FEDORA-2012-4569",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
               },
               {
                  name: "FEDORA-2012-4578",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html",
               },
               {
                  name: "RHSA-2012:0488",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
               {
                  name: "48596",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48596",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d",
               },
               {
                  name: "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/03/21/4",
               },
               {
                  name: "[gnutls-devel] 20120302 gnutls 2.12.16",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910",
               },
               {
                  name: "DSA-2441",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2012/dsa-2441",
               },
               {
                  name: "MDVSA-2012:040",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040",
               },
               {
                  name: "RHSA-2012:0429",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
               },
               {
                  name: "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-03-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-17T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "USN-1418-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1418-1",
            },
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               name: "RHSA-2012:0531",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
            },
            {
               name: "[gnutls-devel] 20120302 gnutls 3.0.15",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
            },
            {
               name: "48511",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48511",
            },
            {
               name: "80259",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80259",
            },
            {
               name: "52667",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/52667",
            },
            {
               name: "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
            },
            {
               name: "48488",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48488",
            },
            {
               name: "48712",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48712",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnu.org/software/gnutls/security.html",
            },
            {
               name: "1026828",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1026828",
            },
            {
               name: "FEDORA-2012-4569",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
            },
            {
               name: "FEDORA-2012-4578",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html",
            },
            {
               name: "RHSA-2012:0488",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
            {
               name: "48596",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48596",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d",
            },
            {
               name: "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/03/21/4",
            },
            {
               name: "[gnutls-devel] 20120302 gnutls 2.12.16",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910",
            },
            {
               name: "DSA-2441",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2012/dsa-2441",
            },
            {
               name: "MDVSA-2012:040",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040",
            },
            {
               name: "RHSA-2012:0429",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
            },
            {
               name: "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2012-1573",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-1418-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1418-1",
                  },
                  {
                     name: "57260",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57260",
                  },
                  {
                     name: "RHSA-2012:0531",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html",
                  },
                  {
                     name: "[gnutls-devel] 20120302 gnutls 3.0.15",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=805432",
                  },
                  {
                     name: "48511",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48511",
                  },
                  {
                     name: "80259",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80259",
                  },
                  {
                     name: "52667",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/52667",
                  },
                  {
                     name: "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/03/21/5",
                  },
                  {
                     name: "48488",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48488",
                  },
                  {
                     name: "48712",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48712",
                  },
                  {
                     name: "http://www.gnu.org/software/gnutls/security.html",
                     refsource: "CONFIRM",
                     url: "http://www.gnu.org/software/gnutls/security.html",
                  },
                  {
                     name: "1026828",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1026828",
                  },
                  {
                     name: "FEDORA-2012-4569",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html",
                  },
                  {
                     name: "FEDORA-2012-4578",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html",
                  },
                  {
                     name: "RHSA-2012:0488",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0488.html",
                  },
                  {
                     name: "SUSE-SU-2014:0320",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
                  },
                  {
                     name: "48596",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/48596",
                  },
                  {
                     name: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
                     refsource: "MISC",
                     url: "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d",
                  },
                  {
                     name: "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/03/21/4",
                  },
                  {
                     name: "[gnutls-devel] 20120302 gnutls 2.12.16",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910",
                  },
                  {
                     name: "DSA-2441",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2012/dsa-2441",
                  },
                  {
                     name: "MDVSA-2012:040",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040",
                  },
                  {
                     name: "RHSA-2012:0429",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2012-0429.html",
                  },
                  {
                     name: "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-1573",
      datePublished: "2012-03-26T19:00:00",
      dateReserved: "2012-03-12T00:00:00",
      dateUpdated: "2024-08-06T19:01:01.946Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7507
Vulnerability from cvelistv5
Published
2017-06-16 19:00
Modified
2024-08-05 16:04
Severity ?
Summary
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
References
http://www.securityfocus.com/bid/99102 (vdb-entry, x_refsource_BID)
https://access.redhat.com/errata/RHSA-2017:2292 (vendor-advisory, x_refsource_REDHAT)
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4 (x_refsource_CONFIRM)
http://www.debian.org/security/2017/dsa-3884 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
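GnuTLS gnutls Version: 3.5.12 (only this version is listed in the record's affected field; the summary above states 3.5.12 and earlier)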


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:04:11.924Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "99102",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99102",
               },
               {
                  name: "RHSA-2017:2292",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2292",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4",
               },
               {
                  name: "DSA-3884",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2017/dsa-3884",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "gnutls",
               vendor: "GnuTLS",
               versions: [
                  {
                     status: "affected",
                     version: "3.5.12",
                  },
               ],
            },
         ],
         datePublic: "2017-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "NULL pointer dereference",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "99102",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99102",
            },
            {
               name: "RHSA-2017:2292",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2292",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.gnutls.org/security.html#GNUTLS-SA-2017-4",
            },
            {
               name: "DSA-3884",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2017/dsa-3884",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2017-7507",
      datePublished: "2017-06-16T19:00:00",
      dateReserved: "2017-04-05T00:00:00",
      dateUpdated: "2024-08-05T16:04:11.924Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1948
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:41
Severity ?
Summary
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
References
http://secunia.com/advisories/30331 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/31939 (third-party-advisory, x_refsource_SECUNIA)
http://www.ubuntu.com/usn/usn-613-1 (vendor-advisory, x_refsource_UBUNTU)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html (vendor-advisory, x_refsource_SUSE)
http://www.redhat.com/support/errata/RHSA-2008-0492.html (vendor-advisory, x_refsource_REDHAT)
http://www.openwall.com/lists/oss-security/2008/05/20/1 (mailing-list, x_refsource_MLIST)
http://security.gentoo.org/glsa/glsa-200805-20.xml (vendor-advisory, x_refsource_GENTOO)
http://secunia.com/advisories/30355 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/30317 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/492282/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.redhat.com/support/errata/RHSA-2008-0489.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/archive/1/492464/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42532 (vdb-entry, x_refsource_XF)
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html (mailing-list, x_refsource_MLIST)
http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 (x_refsource_CONFIRM)
http://www.kb.cert.org/vuls/id/111034 (third-party-advisory, x_refsource_CERT-VN)
http://secunia.com/advisories/30324 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/30302 (third-party-advisory, x_refsource_SECUNIA)
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html (mailing-list, x_refsource_MLIST)
http://www.vupen.com/english/advisories/2008/1583/references (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/29292 (vdb-entry, x_refsource_BID)
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html (vendor-advisory, x_refsource_FEDORA)
http://secunia.com/advisories/30330 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2008/1582/references (vdb-entry, x_refsource_VUPEN)
http://www.openwall.com/lists/oss-security/2008/05/20/3 (mailing-list, x_refsource_MLIST)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174 (x_refsource_CONFIRM)
http://secunia.com/advisories/30338 (third-party-advisory, x_refsource_SECUNIA)
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html (mailing-list, x_refsource_MLIST)
http://www.debian.org/security/2008/dsa-1581 (vendor-advisory, x_refsource_DEBIAN)
http://www.openwall.com/lists/oss-security/2008/05/20/2 (mailing-list, x_refsource_MLIST)
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html (vendor-advisory, x_refsource_FEDORA)
http://securityreason.com/securityalert/3902 (third-party-advisory, x_refsource_SREASON)
https://issues.rpath.com/browse/RPL-2552 (x_refsource_CONFIRM)
http://www.securitytracker.com/id?1020057 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/30287 (third-party-advisory, x_refsource_SECUNIA)
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b (x_refsource_CONFIRM)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935 (vdb-entry, signature, x_refsource_OVAL)
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html (x_refsource_MISC)
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html (vendor-advisory, x_refsource_FEDORA)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 (vendor-advisory, x_refsource_MANDRIVA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:41:00.219Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "30331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30331",
               },
               {
                  name: "31939",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31939",
               },
               {
                  name: "USN-613-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-613-1",
               },
               {
                  name: "SUSE-SA:2008:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
               },
               {
                  name: "RHSA-2008:0492",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
               },
               {
                  name: "GLSA-200805-20",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
               },
               {
                  name: "30355",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30355",
               },
               {
                  name: "30317",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30317",
               },
               {
                  name: "20080520 Vulnerability Advisory on GnuTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
               },
               {
                  name: "RHSA-2008:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
               },
               {
                  name: "20080522 rPSA-2008-0174-1 gnutls",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
               },
               {
                  name: "gnutls-gnutlsservernamerecvparams-bo(42532)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532",
               },
               {
                  name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
               },
               {
                  name: "VU#111034",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/111034",
               },
               {
                  name: "30324",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30324",
               },
               {
                  name: "30302",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30302",
               },
               {
                  name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
               },
               {
                  name: "ADV-2008-1583",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1583/references",
               },
               {
                  name: "29292",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29292",
               },
               {
                  name: "FEDORA-2008-4274",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
               },
               {
                  name: "30330",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30330",
               },
               {
                  name: "ADV-2008-1582",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1582/references",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
               },
               {
                  name: "30338",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30338",
               },
               {
                  name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
               },
               {
                  name: "DSA-1581",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1581",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
               },
               {
                  name: "FEDORA-2008-4259",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
               },
               {
                  name: "3902",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3902",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-2552",
               },
               {
                  name: "1020057",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020057",
               },
               {
                  name: "30287",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30287",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
               },
               {
                  name: "oval:org.mitre.oval:def:10935",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
               },
               {
                  name: "FEDORA-2008-4183",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
               },
               {
                  name: "MDVSA-2008:106",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-11T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "30331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30331",
            },
            {
               name: "31939",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31939",
            },
            {
               name: "USN-613-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-613-1",
            },
            {
               name: "SUSE-SA:2008:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
            },
            {
               name: "RHSA-2008:0492",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
            },
            {
               name: "GLSA-200805-20",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
            },
            {
               name: "30355",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30355",
            },
            {
               name: "30317",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30317",
            },
            {
               name: "20080520 Vulnerability Advisory on GnuTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
            },
            {
               name: "RHSA-2008:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
            },
            {
               name: "20080522 rPSA-2008-0174-1 gnutls",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
            },
            {
               name: "gnutls-gnutlsservernamerecvparams-bo(42532)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532",
            },
            {
               name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
            },
            {
               name: "VU#111034",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/111034",
            },
            {
               name: "30324",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30324",
            },
            {
               name: "30302",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30302",
            },
            {
               name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
            },
            {
               name: "ADV-2008-1583",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1583/references",
            },
            {
               name: "29292",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29292",
            },
            {
               name: "FEDORA-2008-4274",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
            },
            {
               name: "30330",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30330",
            },
            {
               name: "ADV-2008-1582",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1582/references",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
            },
            {
               name: "30338",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30338",
            },
            {
               name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
            },
            {
               name: "DSA-1581",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1581",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
            },
            {
               name: "FEDORA-2008-4259",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
            },
            {
               name: "3902",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3902",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-2552",
            },
            {
               name: "1020057",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020057",
            },
            {
               name: "30287",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30287",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
            },
            {
               name: "oval:org.mitre.oval:def:10935",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
            },
            {
               name: "FEDORA-2008-4183",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
            },
            {
               name: "MDVSA-2008:106",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2008-1948",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "30331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30331",
                  },
                  {
                     name: "31939",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31939",
                  },
                  {
                     name: "USN-613-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-613-1",
                  },
                  {
                     name: "SUSE-SA:2008:046",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
                  },
                  {
                     name: "RHSA-2008:0492",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
                  },
                  {
                     name: "GLSA-200805-20",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
                  },
                  {
                     name: "30355",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30355",
                  },
                  {
                     name: "30317",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30317",
                  },
                  {
                     name: "20080520 Vulnerability Advisory on GnuTLS",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
                  },
                  {
                     name: "RHSA-2008:0489",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
                  },
                  {
                     name: "20080522 rPSA-2008-0174-1 gnutls",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
                  },
                  {
                     name: "gnutls-gnutlsservernamerecvparams-bo(42532)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42532",
                  },
                  {
                     name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
                  },
                  {
                     name: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
                  },
                  {
                     name: "VU#111034",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/111034",
                  },
                  {
                     name: "30324",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30324",
                  },
                  {
                     name: "30302",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30302",
                  },
                  {
                     name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
                  },
                  {
                     name: "ADV-2008-1583",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1583/references",
                  },
                  {
                     name: "29292",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29292",
                  },
                  {
                     name: "FEDORA-2008-4274",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
                  },
                  {
                     name: "30330",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30330",
                  },
                  {
                     name: "ADV-2008-1582",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1582/references",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
                  },
                  {
                     name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
                     refsource: "CONFIRM",
                     url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
                  },
                  {
                     name: "30338",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30338",
                  },
                  {
                     name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
                  },
                  {
                     name: "DSA-1581",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1581",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
                  },
                  {
                     name: "FEDORA-2008-4259",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
                  },
                  {
                     name: "3902",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3902",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-2552",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-2552",
                  },
                  {
                     name: "1020057",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020057",
                  },
                  {
                     name: "30287",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30287",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10935",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935",
                  },
                  {
                     name: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
                     refsource: "MISC",
                     url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
                  },
                  {
                     name: "FEDORA-2008-4183",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
                  },
                  {
                     name: "MDVSA-2008:106",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-1948",
      datePublished: "2008-05-21T10:00:00",
      dateReserved: "2008-04-24T00:00:00",
      dateUpdated: "2024-08-07T08:41:00.219Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-0294
Vulnerability from cvelistv5
Published
2020-01-27 15:12
Modified
2024-08-06 04:03
Severity ?
Summary
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
Impacted products
Vendor Product Version
GnuTLS GnuTLS Version: before 3.3.13


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:03:10.950Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3191",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GnuTLS",
               vendor: "GnuTLS",
               versions: [
                  {
                     status: "affected",
                     version: "before 3.3.13",
                  },
               ],
            },
         ],
         datePublic: "2015-03-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cryptography",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-27T15:12:11",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.debian.org/security/2015/dsa-3191",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-0294",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "GnuTLS",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 3.3.13",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "GnuTLS",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cryptography",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196323",
                  },
                  {
                     name: "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
                     refsource: "MISC",
                     url: "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff",
                  },
                  {
                     name: "http://www.debian.org/security/2015/dsa-3191",
                     refsource: "MISC",
                     url: "http://www.debian.org/security/2015/dsa-3191",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-0294",
      datePublished: "2020-01-27T15:12:11",
      dateReserved: "2014-11-18T00:00:00",
      dateUpdated: "2024-08-06T04:03:10.950Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-1416
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
Summary
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
References
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html - mailing-list, x_refsource_MLIST
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516 - mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1022158 - vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2009/1218 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/34783 - vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200905-04.xml - vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/34842 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35211 - third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 - vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
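n/a n/a Version: n/a (no structured product data in this record; the affected range, GnuTLS 2.5.0 through 2.6.5, is stated only in the summary, so matching on the vendor/product fields alone will not find it)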


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:13:25.566Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[help-gnutls] 20090420 Encryption using DSA keys",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html",
               },
               {
                  name: "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516",
               },
               {
                  name: "1022158",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022158",
               },
               {
                  name: "ADV-2009-1218",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1218",
               },
               {
                  name: "34783",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/34783",
               },
               {
                  name: "GLSA-200905-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
               },
               {
                  name: "34842",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34842",
               },
               {
                  name: "35211",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35211",
               },
               {
                  name: "MDVSA-2009:116",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-04-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-05-13T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[help-gnutls] 20090420 Encryption using DSA keys",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html",
            },
            {
               name: "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516",
            },
            {
               name: "1022158",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022158",
            },
            {
               name: "ADV-2009-1218",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1218",
            },
            {
               name: "34783",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/34783",
            },
            {
               name: "GLSA-200905-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
            },
            {
               name: "34842",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34842",
            },
            {
               name: "35211",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35211",
            },
            {
               name: "MDVSA-2009:116",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-1416",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[help-gnutls] 20090420 Encryption using DSA keys",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html",
                  },
                  {
                     name: "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]",
                     refsource: "MLIST",
                     url: "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516",
                  },
                  {
                     name: "1022158",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022158",
                  },
                  {
                     name: "ADV-2009-1218",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/1218",
                  },
                  {
                     name: "34783",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/34783",
                  },
                  {
                     name: "GLSA-200905-04",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200905-04.xml",
                  },
                  {
                     name: "34842",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/34842",
                  },
                  {
                     name: "35211",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/35211",
                  },
                  {
                     name: "MDVSA-2009:116",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-1416",
      datePublished: "2009-04-30T20:00:00",
      dateReserved: "2009-04-24T00:00:00",
      dateUpdated: "2024-08-07T05:13:25.566Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1950
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:41
Severity ?
Summary
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
References
http://secunia.com/advisories/30331 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31939 - third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-613-1 - vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html - vendor-advisory, x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2008-0492.html - vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2008/05/20/1 - mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-200805-20.xml - vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30355 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30317 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/492282/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2008-0489.html - vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/492464/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html - mailing-list, x_refsource_MLIST
http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558 - x_refsource_CONFIRM
http://secunia.com/advisories/30324 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30302 - third-party-advisory, x_refsource_SECUNIA
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html - mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2008/1583/references - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/29292 - vdb-entry, x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html - vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/30330 - third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1020059 - vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/1582/references - vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2008/05/20/3 - mailing-list, x_refsource_MLIST
http://www.kb.cert.org/vuls/id/659209 - third-party-advisory, x_refsource_CERT-VN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174 - x_refsource_CONFIRM
http://secunia.com/advisories/30338 - third-party-advisory, x_refsource_SECUNIA
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html - mailing-list, x_refsource_MLIST
http://www.debian.org/security/2008/dsa-1581 - vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2008/05/20/2 - mailing-list, x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/42533 - vdb-entry, x_refsource_XF
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html - vendor-advisory, x_refsource_FEDORA
http://securityreason.com/securityalert/3902 - third-party-advisory, x_refsource_SREASON
https://issues.rpath.com/browse/RPL-2552 - x_refsource_CONFIRM
http://secunia.com/advisories/30287 - third-party-advisory, x_refsource_SECUNIA
http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b - x_refsource_CONFIRM
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html - x_refsource_MISC
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html - vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393 - vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 - vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
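n/a n/a Version: n/a (this table lists no structured product data; the affected versions, GnuTLS before 2.2.4, are stated only in the summary, so matching on the vendor/product fields alone will not find it)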


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:41:00.178Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "30331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30331",
               },
               {
                  name: "31939",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31939",
               },
               {
                  name: "USN-613-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-613-1",
               },
               {
                  name: "SUSE-SA:2008:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
               },
               {
                  name: "RHSA-2008:0492",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
               },
               {
                  name: "GLSA-200805-20",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
               },
               {
                  name: "30355",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30355",
               },
               {
                  name: "30317",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30317",
               },
               {
                  name: "20080520 Vulnerability Advisory on GnuTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
               },
               {
                  name: "RHSA-2008:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
               },
               {
                  name: "20080522 rPSA-2008-0174-1 gnutls",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
               },
               {
                  name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
               },
               {
                  name: "30324",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30324",
               },
               {
                  name: "30302",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30302",
               },
               {
                  name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
               },
               {
                  name: "ADV-2008-1583",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1583/references",
               },
               {
                  name: "29292",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29292",
               },
               {
                  name: "FEDORA-2008-4274",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
               },
               {
                  name: "30330",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30330",
               },
               {
                  name: "1020059",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020059",
               },
               {
                  name: "ADV-2008-1582",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1582/references",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
               },
               {
                  name: "VU#659209",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/659209",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
               },
               {
                  name: "30338",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30338",
               },
               {
                  name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
               },
               {
                  name: "DSA-1581",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1581",
               },
               {
                  name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
               },
               {
                  name: "gnutls-gnutlsciphertext2compressed-bo(42533)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533",
               },
               {
                  name: "FEDORA-2008-4259",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
               },
               {
                  name: "3902",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3902",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-2552",
               },
               {
                  name: "30287",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30287",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
               },
               {
                  name: "FEDORA-2008-4183",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11393",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393",
               },
               {
                  name: "MDVSA-2008:106",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-11T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "30331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30331",
            },
            {
               name: "31939",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31939",
            },
            {
               name: "USN-613-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-613-1",
            },
            {
               name: "SUSE-SA:2008:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
            },
            {
               name: "RHSA-2008:0492",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
            },
            {
               name: "GLSA-200805-20",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
            },
            {
               name: "30355",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30355",
            },
            {
               name: "30317",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30317",
            },
            {
               name: "20080520 Vulnerability Advisory on GnuTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
            },
            {
               name: "RHSA-2008:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
            },
            {
               name: "20080522 rPSA-2008-0174-1 gnutls",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
            },
            {
               name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
            },
            {
               name: "30324",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30324",
            },
            {
               name: "30302",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30302",
            },
            {
               name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
            },
            {
               name: "ADV-2008-1583",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1583/references",
            },
            {
               name: "29292",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29292",
            },
            {
               name: "FEDORA-2008-4274",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
            },
            {
               name: "30330",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30330",
            },
            {
               name: "1020059",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020059",
            },
            {
               name: "ADV-2008-1582",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1582/references",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
            },
            {
               name: "VU#659209",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/659209",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
            },
            {
               name: "30338",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30338",
            },
            {
               name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
            },
            {
               name: "DSA-1581",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1581",
            },
            {
               name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
            },
            {
               name: "gnutls-gnutlsciphertext2compressed-bo(42533)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533",
            },
            {
               name: "FEDORA-2008-4259",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
            },
            {
               name: "3902",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3902",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-2552",
            },
            {
               name: "30287",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30287",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
            },
            {
               name: "FEDORA-2008-4183",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
            },
            {
               name: "oval:org.mitre.oval:def:11393",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393",
            },
            {
               name: "MDVSA-2008:106",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2008-1950",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "30331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30331",
                  },
                  {
                     name: "31939",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31939",
                  },
                  {
                     name: "USN-613-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-613-1",
                  },
                  {
                     name: "SUSE-SA:2008:046",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html",
                  },
                  {
                     name: "RHSA-2008:0492",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0492.html",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/1",
                  },
                  {
                     name: "GLSA-200805-20",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200805-20.xml",
                  },
                  {
                     name: "30355",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30355",
                  },
                  {
                     name: "30317",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30317",
                  },
                  {
                     name: "20080520 Vulnerability Advisory on GnuTLS",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/492282/100/0/threaded",
                  },
                  {
                     name: "RHSA-2008:0489",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0489.html",
                  },
                  {
                     name: "20080522 rPSA-2008-0174-1 gnutls",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/492464/100/0/threaded",
                  },
                  {
                     name: "[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html",
                  },
                  {
                     name: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558",
                  },
                  {
                     name: "30324",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30324",
                  },
                  {
                     name: "30302",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30302",
                  },
                  {
                     name: "[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html",
                  },
                  {
                     name: "ADV-2008-1583",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1583/references",
                  },
                  {
                     name: "29292",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29292",
                  },
                  {
                     name: "FEDORA-2008-4274",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html",
                  },
                  {
                     name: "30330",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30330",
                  },
                  {
                     name: "1020059",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020059",
                  },
                  {
                     name: "ADV-2008-1582",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1582/references",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/3",
                  },
                  {
                     name: "VU#659209",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/659209",
                  },
                  {
                     name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
                     refsource: "CONFIRM",
                     url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174",
                  },
                  {
                     name: "30338",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30338",
                  },
                  {
                     name: "[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release",
                     refsource: "MLIST",
                     url: "http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html",
                  },
                  {
                     name: "DSA-1581",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1581",
                  },
                  {
                     name: "[oss-security] 20080520 Re: CVE ID request: GNUTLS",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/05/20/2",
                  },
                  {
                     name: "gnutls-gnutlsciphertext2compressed-bo(42533)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42533",
                  },
                  {
                     name: "FEDORA-2008-4259",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html",
                  },
                  {
                     name: "3902",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3902",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-2552",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-2552",
                  },
                  {
                     name: "30287",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30287",
                  },
                  {
                     name: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
                     refsource: "CONFIRM",
                     url: "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b",
                  },
                  {
                     name: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
                     refsource: "MISC",
                     url: "http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html",
                  },
                  {
                     name: "FEDORA-2008-4183",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11393",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393",
                  },
                  {
                     name: "MDVSA-2008:106",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:106",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-1950",
      datePublished: "2008-05-21T10:00:00",
      dateReserved: "2008-04-24T00:00:00",
      dateUpdated: "2024-08-07T08:41:00.178Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1431
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutls_cipher.c.
References
http://secunia.com/advisories/15193 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-430.html — vendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/16054 — vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/13477 — vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/20328 — vdb-entry, x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238 — vdb-entry, signature, x_refsource_OVAL
http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html — mailing-list, x_refsource_MLIST
http://securitytracker.com/id?1013861 — vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:51:50.074Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "15193",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/15193",
               },
               {
                  name: "RHSA-2005:430",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-430.html",
               },
               {
                  name: "16054",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/16054",
               },
               {
                  name: "13477",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13477",
               },
               {
                  name: "gnutls-record-parsing-dos(20328)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328",
               },
               {
                  name: "oval:org.mitre.oval:def:9238",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238",
               },
               {
                  name: "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html",
               },
               {
                  name: "1013861",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013861",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-05-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "15193",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/15193",
            },
            {
               name: "RHSA-2005:430",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-430.html",
            },
            {
               name: "16054",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/16054",
            },
            {
               name: "13477",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13477",
            },
            {
               name: "gnutls-record-parsing-dos(20328)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328",
            },
            {
               name: "oval:org.mitre.oval:def:9238",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238",
            },
            {
               name: "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html",
            },
            {
               name: "1013861",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013861",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-1431",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "15193",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/15193",
                  },
                  {
                     name: "RHSA-2005:430",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-430.html",
                  },
                  {
                     name: "16054",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/16054",
                  },
                  {
                     name: "13477",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/13477",
                  },
                  {
                     name: "gnutls-record-parsing-dos(20328)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9238",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238",
                  },
                  {
                     name: "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25",
                     refsource: "MLIST",
                     url: "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html",
                  },
                  {
                     name: "1013861",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1013861",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-1431",
      datePublished: "2005-05-03T04:00:00",
      dateReserved: "2005-05-03T00:00:00",
      dateUpdated: "2024-08-07T21:51:50.074Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3465
Vulnerability from cvelistv5
Published
2014-06-10 14:00
Modified
2024-08-06 10:43
Severity ?
Summary
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.429Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[gnutls-help] 20140131 gnutls 3.2.10",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
               },
               {
                  name: "59086",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59086",
               },
               {
                  name: "RHSA-2014:0684",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
               },
               {
                  name: "openSUSE-SU-2014:0763",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
               },
               {
                  name: "openSUSE-SU-2014:0767",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
               },
               {
                  name: "[gnutls-help] 20140131 gnutls 3.1.20",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-28T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[gnutls-help] 20140131 gnutls 3.2.10",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
            },
            {
               name: "59086",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59086",
            },
            {
               name: "RHSA-2014:0684",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
            },
            {
               name: "openSUSE-SU-2014:0763",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
            },
            {
               name: "openSUSE-SU-2014:0767",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
            },
            {
               name: "[gnutls-help] 20140131 gnutls 3.1.20",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-3465",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[gnutls-help] 20140131 gnutls 3.2.10",
                     refsource: "MLIST",
                     url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1101734",
                  },
                  {
                     name: "59086",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59086",
                  },
                  {
                     name: "RHSA-2014:0684",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0684.html",
                  },
                  {
                     name: "openSUSE-SU-2014:0763",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html",
                  },
                  {
                     name: "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
                     refsource: "CONFIRM",
                     url: "https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6",
                  },
                  {
                     name: "openSUSE-SU-2014:0767",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html",
                  },
                  {
                     name: "[gnutls-help] 20140131 gnutls 3.1.20",
                     refsource: "MLIST",
                     url: "http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3465",
      datePublished: "2014-06-10T14:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.429Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8564
Vulnerability from cvelistv5
Published
2014-11-13 15:00
Modified
2024-08-06 13:18
Severity ?
Summary
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
References
http://secunia.com/advisories/59991 - third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1846.html - vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2403-1 - vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/62294 - third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1161443 - x_refsource_CONFIRM
http://secunia.com/advisories/62284 - third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html - vendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:18:48.419Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "59991",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59991",
               },
               {
                  name: "RHSA-2014:1846",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-1846.html",
               },
               {
                  name: "USN-2403-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2403-1",
               },
               {
                  name: "62294",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62294",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161443",
               },
               {
                  name: "62284",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62284",
               },
               {
                  name: "openSUSE-SU-2014:1472",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-11-24T15:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "59991",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59991",
            },
            {
               name: "RHSA-2014:1846",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-1846.html",
            },
            {
               name: "USN-2403-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2403-1",
            },
            {
               name: "62294",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62294",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161443",
            },
            {
               name: "62284",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62284",
            },
            {
               name: "openSUSE-SU-2014:1472",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-8564",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "59991",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59991",
                  },
                  {
                     name: "RHSA-2014:1846",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-1846.html",
                  },
                  {
                     name: "USN-2403-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2403-1",
                  },
                  {
                     name: "62294",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62294",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1161443",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1161443",
                  },
                  {
                     name: "62284",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62284",
                  },
                  {
                     name: "openSUSE-SU-2014:1472",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-8564",
      datePublished: "2014-11-13T15:00:00",
      dateReserved: "2014-10-30T00:00:00",
      dateUpdated: "2024-08-06T13:18:48.419Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13777
Vulnerability from cvelistv5
Published
2020-06-04 07:01
Modified
2024-08-04 12:25
Severity ?
Summary
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.491Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03",
               },
               {
                  name: "DSA-4697",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4697",
               },
               {
                  name: "FEDORA-2020-0cce3578e2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/",
               },
               {
                  name: "GLSA-202006-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202006-01",
               },
               {
                  name: "USN-4384-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4384-1/",
               },
               {
                  name: "openSUSE-SU-2020:0790",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html",
               },
               {
                  name: "FEDORA-2020-76b705bb63",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/",
               },
               {
                  name: "FEDORA-2020-ea11cb5ccc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/",
               },
               {
                  name: "FEDORA-2020-4f78f122a3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20200619-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-19T10:06:08",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03",
            },
            {
               name: "DSA-4697",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4697",
            },
            {
               name: "FEDORA-2020-0cce3578e2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/",
            },
            {
               name: "GLSA-202006-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202006-01",
            },
            {
               name: "USN-4384-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4384-1/",
            },
            {
               name: "openSUSE-SU-2020:0790",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html",
            },
            {
               name: "FEDORA-2020-76b705bb63",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/",
            },
            {
               name: "FEDORA-2020-ea11cb5ccc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/",
            },
            {
               name: "FEDORA-2020-4f78f122a3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20200619-0004/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13777",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03",
                     refsource: "CONFIRM",
                     url: "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03",
                  },
                  {
                     name: "DSA-4697",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4697",
                  },
                  {
                     name: "FEDORA-2020-0cce3578e2",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/",
                  },
                  {
                     name: "GLSA-202006-01",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202006-01",
                  },
                  {
                     name: "USN-4384-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4384-1/",
                  },
                  {
                     name: "openSUSE-SU-2020:0790",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html",
                  },
                  {
                     name: "FEDORA-2020-76b705bb63",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/",
                  },
                  {
                     name: "FEDORA-2020-ea11cb5ccc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/",
                  },
                  {
                     name: "FEDORA-2020-4f78f122a3",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20200619-0004/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20200619-0004/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13777",
      datePublished: "2020-06-04T07:01:07",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.491Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1619
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 15:04
Severity ?
Summary
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:04:49.607Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57260",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57260",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
               },
               {
                  name: "57274",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/57274",
               },
               {
                  name: "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2013/02/05/24",
               },
               {
                  name: "SUSE-SU-2014:0320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
               },
               {
                  name: "SUSE-SU-2014:0322",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html",
               },
               {
                  name: "USN-1752-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1752-1",
               },
               {
                  name: "openSUSE-SU-2013:0807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html",
               },
               {
                  name: "openSUSE-SU-2014:0346",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
               },
               {
                  name: "RHSA-2013:0588",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0588.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-02-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-03-18T11:57:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "57260",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57260",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
            },
            {
               name: "57274",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/57274",
            },
            {
               name: "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2013/02/05/24",
            },
            {
               name: "SUSE-SU-2014:0320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
            },
            {
               name: "SUSE-SU-2014:0322",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html",
            },
            {
               name: "USN-1752-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1752-1",
            },
            {
               name: "openSUSE-SU-2013:0807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html",
            },
            {
               name: "openSUSE-SU-2014:0346",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
            },
            {
               name: "RHSA-2013:0588",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0588.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-1619",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57260",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57260",
                  },
                  {
                     name: "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0",
                     refsource: "CONFIRM",
                     url: "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0",
                  },
                  {
                     name: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1",
                     refsource: "CONFIRM",
                     url: "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1",
                  },
                  {
                     name: "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
                     refsource: "MISC",
                     url: "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
                  },
                  {
                     name: "57274",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/57274",
                  },
                  {
                     name: "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2013/02/05/24",
                  },
                  {
                     name: "SUSE-SU-2014:0320",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html",
                  },
                  {
                     name: "SUSE-SU-2014:0322",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html",
                  },
                  {
                     name: "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html",
                     refsource: "CONFIRM",
                     url: "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html",
                  },
                  {
                     name: "USN-1752-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1752-1",
                  },
                  {
                     name: "openSUSE-SU-2013:0807",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html",
                  },
                  {
                     name: "openSUSE-SU-2014:0346",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html",
                  },
                  {
                     name: "RHSA-2013:0588",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-0588.html",
                  },
                  {
                     name: "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198",
                     refsource: "CONFIRM",
                     url: "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-1619",
      datePublished: "2013-02-08T19:00:00",
      dateReserved: "2013-02-05T00:00:00",
      dateUpdated: "2024-08-06T15:04:49.607Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-200911-0398
Vulnerability from variot

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. In Hitachi Web Server, there is a vulnerability in which arbitrary data is inserted at the beginning of communication data when the SSL function is used. Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.

SOLUTION: Apply updates (please see the vendor's advisory for details).

===========================================================
Ubuntu Security Notice USN-860-1 November 19, 2009
apache2 vulnerabilities
CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9

Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14

Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5

Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5

Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. Users can defend against server initiated TLS renegotiation attacks by adjusting their Apache configuration to use SSLVerifyClient and SSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)

It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. (CVE-2009-3094)

Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
  Size/MD5:   130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
  Size/MD5:     1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
  Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
  Size/MD5:  2125884 643115e9135b9bf626f3a65cfc5f2ed3

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:    95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:    37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
  Size/MD5:   145624 4b613a57da2ca57678e8c8f0c1628556

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:    93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:    37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
  Size/MD5:   133484 e70b7f81859cb92e0c50084e92216526

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:    37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
  Size/MD5:   142730 d43356422176ca29440f3e0572678093

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:    94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:    37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
  Size/MD5:   131466 340eaf2d2c1f129c7676a152776cfcf3

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
  Size/MD5:   141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
  Size/MD5:     1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
  Size/MD5:  6125771 39a755eb0f584c279336387b321e3dfc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:  1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:    72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:  6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
  Size/MD5:    45850 07a9463a8e4fdf1a48766d5ad08b9a3c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
  Size/MD5:   803974 76d23bd94465a2f96711dc1c41b31af0

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
  Size/MD5:   755574 9de96c8719740c2525e3c0cf7836d60b

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
  Size/MD5:   749716 86ae389b81b057288ff3c0b69ef68656

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
  Size/MD5:   906022 28c3e8b63d123a4ca0632b3fed6720b5

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
  Size/MD5:   765398 92c5b054b80b6258a1c4caac8248a40a

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
  Size/MD5:   137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
  Size/MD5:     1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
  Size/MD5:  6396996 80d3754fc278338033296f0d41ef2c04

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
  Size/MD5:  2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
  Size/MD5:  6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
  Size/MD5:    45474 0f1b4fb499af61a596241bd4f0f4d35d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:    84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:    82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
  Size/MD5:   820242 3497441009bc9db76a87fd2447ba433c

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:    83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:    82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
  Size/MD5:   778564 ffd7752394933004094c13b00113b263

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:    83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:    82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
  Size/MD5:   766494 454c737e191429c43ad3f28c9e0294a0

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:    84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:    82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
  Size/MD5:   926240 8282583e86e84bd256959540f39a515d

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:    84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:    82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
  Size/MD5:   783902 773a80d7a85a452016da3b10b1f3ae43

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
  Size/MD5:   141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
  Size/MD5:     1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
  Size/MD5:  6806786 03e0a99a5de0f3f568a0087fb9993af9

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
  Size/MD5:  2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
  Size/MD5:    46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
  Size/MD5:  6948222 a3505a83c13cf36c86248079127dd84d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:   826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:    87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
  Size/MD5:    86094 5a7c68fd37066287b4819cba4cfed1f2

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:   784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:    87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
  Size/MD5:    85572 6a1b8a5e4cb19e815e88335757b06cf3

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:   773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:    87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
  Size/MD5:    85550 1d9b5963aa6ea5c01492ec417ab8510a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:   932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:    87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
  Size/MD5:    86154 52c1d8806d52fef6f43ab53662953953

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:   789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:    87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
  Size/MD5:    85686 5562ea5a0e6f01ba12adda3afb65c1b0

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
  Size/MD5:   185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
  Size/MD5:     1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
  Size/MD5:  6678149 17f017b571f88aa60abebfe2945d7caf

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:  2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:   284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
  Size/MD5:     2366 46add3d428c97fa69a8848a3e4025bb0

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:   137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:   138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:   156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:  1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:    92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
  Size/MD5:    90880 c6d163edf145da8ff6d102dc0dd1f8d7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:   137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:   138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:   155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:  1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:    91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
  Size/MD5:    90316 add7f446f6b524343c0066a486dd299a

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:   137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:   138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:   155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:  1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:    91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
  Size/MD5:    90312 9e68bd8111503135a4eae7265b0084ae

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:   137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:   138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:   161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:  1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:    92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
  Size/MD5:    90774 82011ebc757d31e690698cf9913e3adc

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:   137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:   138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:   159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:  1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:    92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
  Size/MD5:    90554 f207de0099ed259e2af736e8c82f91c2

. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue.

After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2009:323 http://www.mandriva.com/security/

Package : apache Date : December 7, 2009 Affected: 2008.0

Problem Description:

Multiple vulnerabilities have been found and corrected in apache:

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (concerns 2008.1 only).

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.

The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).

A potential denial-of-service attack against mod_deflate or other modules has been fixed; the attack forced the server to consume CPU time compressing a large file after the client had disconnected (CVE-2009-1891).

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).

Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).

Packages for 2008.0 are being provided due to extended support for Corporate products.

This update provides a solution to these vulnerabilities.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

Updated Packages:

Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 
2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 
2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- .

Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.

This update provides the latest versions of the NSS and NSPR libraries, in which NSS is not vulnerable to this attack. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Aruba Networks Security Advisory

Title: TLS Protocol Session Renegotiation Security Vulnerability

Aruba Advisory ID: AID-020810 Revision: 1.0

For Public Release on 02/08/2010

+----------------------------------------------------

SUMMARY

This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2].

The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute an arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection at the beginning of an HTTPS session between the victim and the ArubaOS WebUI.

ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.

AFFECTED ArubaOS VERSIONS

2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS

CHECK IF YOU ARE VULNERABLE

The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication methods is allowed, this issue does not seem to apply.

Check if the following line appears in your configuration:

web-server mgmt-auth username/password certificate

If the exact line does not appear in the configuration, this issue does not apply.

DETAILS

An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS.

ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface.

Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs).

Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users.

CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

WORKAROUNDS

Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk:

      • Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password
      • Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate

    Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role.

      • Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet.

SOLUTION

Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical.

The following patches have the fix (any newer patch will also have the fix):

        • 2.5.6.24
        • 3.3.2.23
        • 3.3.3.2
        • 3.4.0.7
        • 3.4.1.1
        • RN 3.1.4

Please contact Aruba support for obtaining patched FIPS releases.

Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release.

REFERENCES

[1] http://extendedsubset.com/?p=8

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

+----------------------------------------------------

OBTAINING FIXED FIRMWARE

Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support.

Aruba Support contacts are as follows:

1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)

+1-408-754-1200 (toll call from anywhere in the world)

e-mail: support(at)arubanetworks.com

Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades.

EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at

Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt

SecurityFocus Bugtraq http://www.securityfocus.com/archive/1

STATUS OF THIS NOTICE: Final

Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt

Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

REVISION HISTORY

  Revision 1.0 / 02-08-2010 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php

For reporting NEW Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php

  (c) Copyright 2010 by Aruba Networks, Inc.

This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01963123 Version: 1

HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-12-21 Last Updated: 2009-12-21

Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).

References: CVE-2009-3555

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following temporary software updates to resolve the vulnerability.

NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here http://www.itrc.hp.com/service/cki/secBullArchive.do

To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do

The depots are available using ftp. Host / Account / Password

ftp.usa.hp.com / sb02498 / Secure12

HP-UX Release / Temporary Depot name / SHA-1 Sum

B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot / 3B6BE547403C28926482192408D5D5AB603A403D

B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot / 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7

B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot / 1D65F7D49883399F4D202E16754CF7DAE71E3B47

B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot / 943E21D4621B480B5E8E651ACB605B8F7EA47304

B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot / B8836FDB73434A3C26FB411E3F7CB3211129E5AC

MANUAL ACTIONS: Yes Install Apache v2.0.59.13 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

For Apache IPv4 and IPv6 HP-UX B.11.11 ============= hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent

HP-UX B.11.23

hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent

HP-UX B.11.31

hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.13 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 21 December 2009 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. The upgrades are available from the following location.

For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new "DisableSSLv3" configuration directive, although it will not be disabled by default in this update.

For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.6-2+deb7u1.

For the stable distribution (jessie), these problems have been fixed in version 2.6-6+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 2.6-6.1.

We recommend that you upgrade your pound packages. ----------------------------------------------------------------------


TITLE: OpenOffice.org Data Manipulation and Code Execution Vulnerabilities

SECUNIA ADVISORY ID: SA40070

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40070

RELEASE DATE: 2010-06-08

DISCUSS ADVISORY: http://secunia.com/advisories/40070/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40070/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40070

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to manipulate certain data or compromise a user's system.

1) An error in the TLS protocol while handling session re-negotiations in included libraries can be exploited to manipulate session data.

For more information see vulnerability #1 in: SA37291

2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code.

The vulnerabilities are reported in versions prior to 3.2.1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openoffice.org/security/cves/CVE-2010-0395.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

This could force the server to process an attacker's request as if authenticated using the victim's credentials.

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619).

The updated packages have been patched to correct these issues. HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries.

The packages for the hppa, mips, and mipsel architectures are not yet available. They will be released as soon as they have been built



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0398",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "openssl",
            scope: "eq",
            trust: 1,
            vendor: "openssl",
            version: "1.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "10.10",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "9.04",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "13",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "7.0",
         },
         {
            model: "openssl",
            scope: "lte",
            trust: 1,
            vendor: "openssl",
            version: "0.9.8k",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "8.0",
         },
         {
            model: "nginx",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "0.8.22",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "14",
         },
         {
            model: "nginx",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "0.1.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "8.04",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "8.10",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "9.10",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "12",
         },
         {
            model: "gnutls",
            scope: "lte",
            trust: 1,
            vendor: "gnu",
            version: "2.8.5",
         },
         {
            model: "http server",
            scope: "lte",
            trust: 1,
            vendor: "apache",
            version: "2.2.14",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "4.0",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "11",
         },
         {
            model: "nss",
            scope: "lte",
            trust: 1,
            vendor: "mozilla",
            version: "3.12.4",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "5.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "10.04",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "barracuda",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "debian gnu linux",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "gnutls",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "hewlett packard",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "ibm",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "mcafee",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "sun microsystems",
            version: null,
         },
         {
            model: "hp virtual connect",
            scope: null,
            trust: 0.8,
            vendor: "ヒューレット パッカード",
            version: null,
         },
         {
            model: "hpe matrix operating environment",
            scope: null,
            trust: 0.8,
            vendor: "ヒューレット パッカード エンタープライズ",
            version: null,
         },
         {
            model: "hpe systems insight manager",
            scope: null,
            trust: 0.8,
            vendor: "ヒューレット パッカード エンタープライズ",
            version: null,
         },
         {
            model: "hitachi web server",
            scope: null,
            trust: 0.8,
            vendor: "日立",
            version: null,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.2.14",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "0.9.8k",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.8.5",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "3.12.4",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "0.8.22",
                        versionStartIncluding: "0.1.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Mandriva",
      sources: [
         {
            db: "PACKETSTORM",
            id: "83521",
         },
         {
            db: "PACKETSTORM",
            id: "88167",
         },
         {
            db: "PACKETSTORM",
            id: "84181",
         },
         {
            db: "PACKETSTORM",
            id: "120714",
         },
      ],
      trust: 0.4,
   },
   cve: "CVE-2009-3555",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "IPA",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2011-001632",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-41001",
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2009-3555",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2009-3555",
                  trust: 0.8,
                  value: "0",
               },
               {
                  author: "IPA",
                  id: "JVNDB-2011-001632",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "VULHUB",
                  id: "VHN-41001",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. Hitachi Web Server has a vulnerability in which arbitrary data is inserted at the beginning of communication data when the SSL function is used. Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. \n\nSOLUTION:\nApply updates (please see the vendor's advisory for details). ===========================================================\nUbuntu Security Notice USN-860-1          November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. 
\n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n  apache2-common                  2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n  apache2.2-common                2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n  apache2.2-common                2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n  apache2.2-common                2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n  apache2.2-common                2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. \nUsers can defend against server initiated TLS renegotiation attacks by\nadjusting their Apache configuration to use SSLVerifyClient and\nSSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. An attacker\ncould use this to cause a denial of service in the Apache child process. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. 
\n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n      Size/MD5:   130638 5d172b0ca228238e211940fad6b0935d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n      Size/MD5:     1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n      Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n      Size/MD5:  2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   834492 818915da9848657833480b1ead6b4a12\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   229578 9086ac3033e0425ecd150b31b377ee76\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   224594 85a4480344a072868758c466f6a98747\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   229128 446b52088b9744fb776e53155403a474\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   172850 17e4cd95ecb9d0390274fca9625c2e5e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   173636 b501407d01fa07e5807c28cd1db16cd7\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:    95454 a06ee30ec14b35003ebcb821624bc2af\n    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:    37510 4c063b1b8d831ea8a02d5ec691995dec\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   287048 9cdc7502ebc526d4bc7df9b59a9d8925\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n      Size/MD5:   145624 4b613a57da2ca57678e8c8f0c1628556\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   787870 67b1855dc984e5296ac9580e2a2f0a0c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   204122 edf40b0ff5c1824b2d6232da247ce480\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   200060 6267a56fcef78f6300372810ce36ea41\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   203580 c487929bbf45b5a4dc3d035d86f7b3a0\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   172876 bae257127c3d137e407a7db744f3d57a\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   173660 9dd0e108ab4d3382799b29d901bf4502\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:    93410 d5d602c75a28873f1cd7523857e0dd80\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:    37508 22049e1ea8ea88259ff3f6e94482cfb3\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   263066 43fa2ae3b43c4743c98c45ac22fb0250\n    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n      Size/MD5:   133484 e70b7f81859cb92e0c50084e92216526\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   860622 6d386da8da90d363414846dbc7fa7f08\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   221470 8c207b379f7ba646c94759d3e9079dd4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   217132 069cab77278b101c3c4a5b172f36ba9b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   220968 2f6ba65769fc964eb6dfec8a842f7621\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   172874 89137c84b5a33f526daf3f8b4c047a7e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   173662 23e576721faccb4aef732cf98e2358d4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   105198 44f9e698567784555db7d7d971b9fce2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:    37518 fe7caa2a3cf6d4227ac34692de30635e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   282644 ec0306c04778cf8c8edd622aabb0363c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n      Size/MD5:   142730 d43356422176ca29440f3e0572678093\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n     
 Size/MD5:   805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   211674 eb19532b9b759c806e9a95a4ffbfad9b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   210948 6d1d2357cec5b88c1c2269e5c16724bc\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   172882 d04dd123def1bc4cfbf2ac0095432eea\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   173662 6be46bbb9e92224020da49d657cb4cd4\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:    94510 9df6ae07a9218d6159b1eebde5d58606\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:    37506 89856bb1433e67fb23c8d34423d3e0a5\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   269070 bf585dec777b0306cd80663c11b020df\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n      Size/MD5:   131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n      Size/MD5:   141838 37d5c93b425758839cbef5afea5353a2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n      Size/MD5:     1381 78c9a13cc2af0dbf3958a3fc98aeea84\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n      Size/MD5:  6125771 
39a755eb0f584c279336387b321e3dfc\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:  1929318 d4faaf64c2c0af807848ea171a4efa90\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:    72920 065d63c19b22f0f7a8f7c28952b0b408\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:  6258048 33c48a093bbb868ea108a50c051437cf\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n      Size/MD5:    45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   253080 3c6467ee604002a5b8ebffff8554c568\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   252490 cf379a515d967d89d2009be9e06d4833\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   205592 af6cb62114d2e70bf859c32008a66433\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   141660 958585d6391847cd5a618464054f7d37\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n      Size/MD5:   803974 76d23bd94465a2f96711dc1c41b31af0\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   236060 ad4c00dc10b406cc312982b7113fa468\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   231580 07ae6a192e6c859e49d48f2b2158df40\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   205594 73ec71599d4c8a42a69ac3099b9d50cf\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   206374 c1524e4fa8265e7eaac046b114b8c463\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   140644 379a125b8b5b51ff8033449755ab87b8\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n      Size/MD5:   755574 9de96c8719740c2525e3c0cf7836d60b\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   235578 0265d4f6ccee2d7b5ee10cfff48fed08\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   231234 611499fb33808ecdd232e2c5350f6838\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   234738 d7757d2da2e542ce0fdad5994be1d8bd\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   205592 c10ac9eb401184c379b7993b6a62cde3\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   206358 fc91c0159b096e744c42014e6e5f8909\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n      Size/MD5:   749716 86ae389b81b057288ff3c0b69ef68656\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   254134 4337f858972022fa196c9a1f9bb724fb\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   249596 44a6e21ff8fa81d09dab19cab4caffdb\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   253698 f101a1709f21320716d4c9afb356f24f\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   205604 3f4d4f6733257a7037e35101ef792352\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   206386 06402188459de8dab5279b5bfef768fa\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   158390 0acffbdb7e5602b434c4f2805f8dc4d0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n      Size/MD5:   906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   237422 5651f53b09c0f36e1333c569980a0eb0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   233152 1165607c64c57c84212b6b106254e885\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   236606 bbe00d0707c279a16eca35258dd8f13a\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   205598 76afcd4085fa6f39055a5a3f1ef34a43\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   206372 5c67270e0a19d1558cf17cb21a114833\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   143838 28e9c3811feeac70b846279e82c23430\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n      Size/MD5:   765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n      Size/MD5:   137715 0e8a6128ff37a1c064d4ce881b5d3df9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n      Size/MD5:     1788 5e3c3d53b68ea3053bcca3a5e19f5911\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n      Size/MD5:  6396996 80d3754fc278338033296f0d41ef2c04\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n      Size/MD5:  2041786 cd1e98fb2064bad51f7845f203a07d79\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n      Size/MD5:  6538578 32e07db65f1e7b3002aedc3afce1748c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n      Size/MD5:    45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   254968 f2004f847cc5cbc730599352ad1f7dc6\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   249196 
fb001fc4f192e9b8ae1bb7161925413c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   254360 419b942bad4cf4d959afcfa3ce4314e2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:    84490 2a4df4b619debe549f48ac3e9e764305\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:    82838 215665711684d5b5dd04cdfa23d36462\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   209550 496d387e315370c0cd83489db663a356\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   147762 48061b9015c78b39b7afd834f4c81ae0\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n      Size/MD5:   820242 3497441009bc9db76a87fd2447ba433c\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   241376 488812d1a311fd67dafd5b18b6813920\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   236082 9256681808703f40e822c81b53f4ce3e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   240668 2b6b7c11a88ed5a280f603305bee880e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   208532 e0eccceba6cae5fb12f431ff0283a23e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n      
Size/MD5:    83922 ea5f69f36e344e493cce5d9c0bc69c46\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:    82320 0d9b2f9afff4b9efe924b59e9bb039ea\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   209554 f4e53148ae30d5c4f060d455e4f11f95\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   146596 5ed6a4af9378bacfb7d4a034d9923915\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n      Size/MD5:   778564 ffd7752394933004094c13b00113b263\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   238358 4955c7d577496ea4f3573345fad028a4\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   232964 76aecf38baba17a8a968329b818ec74a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   208528 6672fb116e108687669c89197732fbb0\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:    83870 b8f875f197017aec0fe8203c203065d7\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:    82296 d6724391ed540b351e2b660ba98af1ca\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   209550 263b43fb11c6d954d5a4bf7839e720a4\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   146282 a225b8d0f48e141eea28b2369d4595c0\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n      Size/MD5:   766494 454c737e191429c43ad3f28c9e0294a0\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   261510 d3e1155682726cc28859156e647d97b3\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   260850 bc3cd7677cd630ac00424e73a3a6b343\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   208542 ae1cc6b1323832528ad8f0e7130ec87d\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:    84558 68452b686e89320007e9c5367ce36345\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:    82908 2b8c5fc4bdec1017735dc16eba41d0a6\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   209562 a8da7487e3dcd1bdff008956728b8dd3\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   161030 a5ffe07d5e3050c8a54c4fccd3732263\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n      Size/MD5:   926240 8282583e86e84bd256959540f39a515d\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   246720 e54b4b9b354001a910ec9027dc90b0d2\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   241280 1eea25472875056e34cd2c3283c60171\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   246024 5709e7421814ecfb83fff5804d429971\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   208528 25cdfd0177da7e5484d3d44f93257863\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:    84096 3ffbacffcc23ffc640a2ce05d35437bf\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:    82470 17d1ca84f9455c492013f4f754a1d365\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   209546 696ef3652703523aea6208a4e51e48f1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   150932 44c89e0249c85eed09b6f3a6a23db59d\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n      Size/MD5:   783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n      Size/MD5:   141023 50d6737005a6d4fe601e223a39293f99\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n      Size/MD5:     1795 59720f4d7ad291c986d92ec120750c3d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n      Size/MD5:  6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n      Size/MD5:  2219326 d29c903489b894ddf88b23a0fec23e5c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n      Size/MD5:    46636 ee03585b00f277ed98c0de07a683317a\n    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n      Size/MD5:  6948222 a3505a83c13cf36c86248079127dd84d\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   259028 5e9bddefad4c58c3ef9fd15d7a06988d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   253218 ee1bfbb759ffade3a52a6782e2f4b66d\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   258414 8ef063026de9790bac1965427ce1b584\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   213294 09701d434bd102e4205e551b4525afd1\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   214258 e98de48ea01e1132c5f1248a9a018745\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   151140 2f7c7f14b843b2c24de8c67356406449\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:   826834 28abdf1c7be886e9be2825d351abaec7\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:    87818 670c62615e107920c45893b3377ab2a0\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n      Size/MD5:    86094 5a7c68fd37066287b4819cba4cfed1f2\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   245538 952540b7679ebc8d3ffc953f32d3be0f\n    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   240048 08a7fd4888ffd9188890e57c613c4be7\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   244914 955bb5121da808d44aa994386d90723f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   213308 dd16143608ff8c41cb2d5cd27212a57e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   214280 1e1f5d6feef40413f823a19126a018e3\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   150046 0769d86d26282d1d31615050ae5b8915\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:   784198 8760e9c37147d0472dbbfe941c058829\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:    87182 21980cb1035d05f69b857870bbcbc085\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n      Size/MD5:    85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   242386 859ad63822b7e82c81cd6dcaca088c4a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   236924 200538ce94218c9d8af8532636bfd40a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   241822 3a3183ea4ee77d2677919d3b698f92a1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   213286 bf81273b1db0a4a621085171c2b2b421\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   214264 ed278dab71289d2baae2ea409382fbf8\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   149758 75f6e2d7bd1cdfe5b1806062c3c859df\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:   773424 c7cdc26051bd9443ae25b73776537fb5\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:    87132 32e7ea89c96a0afce7ce1da457d947fb\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n      Size/MD5:    85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   265476 5d03fe6b2da8de98c876941ff78b066f\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   260478 3e3aeaaf496cc86c62a831c59994c1f2\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   265154 5eae30e7a33c09b37483f3aab595d0e9\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   213314 879534ebabbb8be86b606e1800dc9cf8\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   214286 922033231a6aa67ecca1c400d47f09c1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   164444 74faf68f0baeffcd011155ca9b201039\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:   932416 2911758e4ad1b3b401369621301ea76f\n    
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:    87876 1d45c033ec5498c092f30188cf1d481e\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n      Size/MD5:    86154 52c1d8806d52fef6f43ab53662953953\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   250786 4e8e98dcba5543394ed5f07d141ce408\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   245094 a82bf04fc92b8c275b0c0f25cc81ff91\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   250110 092cf734813ae1d127d7b4f498f936c1\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   213312 98d7062a6bdb58637f7e850b76bfbc80\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   214286 a378e2e0418631cec0f398379a446172\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   154284 ce8b7bbccd359675b70426df15becfed\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:   789298 11f088b18425b97367d5bc141da2ef2f\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:    87384 477b6594866c8c73a8a3603e7e646c68\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n      Size/MD5:    85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n      Size/MD5:   185244 1ef59f9642bd9efa35e0808ea804cd0b\n    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n      Size/MD5:     1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n      Size/MD5:  6678149 17f017b571f88aa60abebfe2945d7caf\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:  2246560 be12bcc117bf165ffd3401486186762e\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2336 009d381342b0be5280835a46c91f01d9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2374 7545a3750acea08e95bee86f6a3247e2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2314 17719223d92d46821098ce178b5947d6\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:   284782 4321e3201d8e8d1a9e3c6fbe6864102b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     1424 7b4d96008368549d5600a8c1f64a7559\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n      Size/MD5:     2366 46add3d428c97fa69a8848a3e4025bb0\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:   137080 91e4f72d0f1f0abe91555e1497558fc2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:   138176 5fd6a5ed536306528f9f2c1a0281ad70\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:   156646 
cfa55666363303b3f44a24fa2929bf01\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:  1399630 82b36d57faa29a646e72a1125600c11c\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:    92488 ddebef9d1a537520380f85b63c512bef\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n      Size/MD5:    90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:   137102 69dcd0519ca612e02102f52dcb50bf7f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:   138200 17221b53903d664823a55faa1ec4d9a9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:   155166 4347806710edff47fc051b4a68d5b448\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:  1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:    91876 289bf732dd4750a2ce61ab121b04b079\n    http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n      Size/MD5:    90316 add7f446f6b524343c0066a486dd299a\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:   137088 571e9f0370b5687acff25f71c4efe33e\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:   138192 816a6e033f02114553bbb3627b9c6f9c\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:   155090 af8272dc794250c30cd2f66b82486dc2\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:  1290606 4c51de07f5a6fe9612de45369e6f35a5\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:    91830 06866386df811127f4fd71d6fb2a9e2a\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n      Size/MD5:    90312 9e68bd8111503135a4eae7265b0084ae\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:   137096 61b24dbeb12d7998e5d7014c26410a99\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:   138202 599898ff374bde8bfa388e2615064c5a\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:   161058 fea8f5b9a80bef9c4cb3405bc37160af\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:  1390150 fb1a244728a509586b77d02930fcf10f\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:    92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n      Size/MD5:    90774 82011ebc757d31e690698cf9913e3adc\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:   137098 7f566dfade1678c72eac7dd923ab5987\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:   138202 09fbc3145d768cf1f204d47b50e21528\n    
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:   159488 7cb6c81588adaee162b8c85a1f69e7a7\n    http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:  1297936 106b0b71f5e928c1d543973b5b1f015b\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:    92166 28899fe31226880dfa961d8b05e8fa43\n    http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n      Size/MD5:    90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. USN-990-1\nintroduced the new RFC5746 renegotiation extension in openssl, and\ncompletely resolves the issue. \n\nAfter updating openssl, an Apache server will allow both patched and\nunpatched web browsers to connect, but unpatched browsers will not be able\nto renegotiate. This update introduces the new SSLInsecureRenegotiation\ndirective for Apache that may be used to re-enable insecure renegotiations\nwith unpatched web browsers. This update adds backported support\n for the new RFC5746 renegotiation extension and will use it when both the\n client and the server support it. 
\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2009:323\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date    : December 7, 2009\n Affected: 2008.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache:\n \n Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c\n in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to\n cause a denial of service (memory consumption) via multiple calls, as\n demonstrated by initial SSL client handshakes to the Apache HTTP Server\n mod_ssl that specify a compression algorithm (CVE-2008-1678). Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). 
\n \n The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\n module in the Apache HTTP Server before 2.3.3, when a reverse proxy\n is configured, does not properly handle an amount of streamed data\n that exceeds the Content-Length value, which allows remote attackers\n to cause a denial of service (CPU consumption) via crafted requests\n (CVE-2009-1890). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). \n \n The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in\n the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13\n allows remote FTP servers to cause a denial of service (NULL pointer\n dereference and child process crash) via a malformed reply to an EPSV\n command (CVE-2009-3094). \n \n The mod_proxy_ftp module in the Apache HTTP Server allows remote\n attackers to bypass intended access restrictions and send arbitrary\n commands to an FTP server via vectors related to the embedding of these\n commands in the Authorization HTTP header, as demonstrated by a certain\n module in VulnDisco Pack Professional 8.11.  NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7  2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2  2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7  2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1  2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0  2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725  2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced  2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83  2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4  2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd  2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7  2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3  2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 
 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999  2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3  2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31  2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124  2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591  2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a  2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e  2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e  2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8  2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b  2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0  2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248  2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3  2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3  2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe  2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f  2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9  2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6  2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa  2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4  2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 
fea417664f0a2689fa12308bd80c2fe4  2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab  2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82  2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13  2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8  2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd  2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29  2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489  2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378  2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f  2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953  2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e  2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b  2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. \n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes. \n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAruba Networks Security Advisory\n\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\n\nAruba Advisory ID: AID-020810\nRevision: 1.0\n\nFor Public Release on 02/08/2010\n\n+----------------------------------------------------\n\nSUMMARY\n\nThis advisory addresses the renegotiation related vulnerability\ndisclosed recently in Transport Layer Security protocol [1][2]. \n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. If a client browser (victim) is\nconfigured to authenticate to the WebUI over HTTPS using a client\ncertificate, an attacker can potentially use the victim's credentials\ntemporarily to execute arbitrary HTTP request for each initiation of an\nHTTPS session from the victim to the WebUI. This would happen without\nany HTTPS/TLS warnings to the victim. 
This condition can essentially be\nexploited by an attacker for command injection in beginning of a HTTPS\nsession between the victim and the ArubaOS WebUI. \n\nArubaOS itself does not initiate TLS renegotiation at any point and\nhence is only vulnerable to scenario where a client explicitly requests\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\nissue unless  somehow client certificates are being used to authenticate\ncaptive portal users. \n\nAFFECTED ArubaOS VERSIONS\n\n   2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\n2.4.8.x-FIPS\n\n\nCHECK IF YOU ARE VULNERABLE\n\nThe only ArubaOS component that seems affected by this issue is the\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\nconfiguration permits WebUI administration interface clients to connect\nusing either username/password or client certificates. If only one of\nthe two authentication method is allowed, this issue does not seem to apply. \n\nCheck if the following line appears in your configuration:\n\t\n\tweb-server mgmt-auth username/password certificate\n\nIf the exact line does not appear in the configuration, this issue does\nnot apply. \n\t\n\nDETAILS\n\nAn industry wide vulnerability was discovered in TLS protocol's\nrenegotiation feature, which allows a client and server who already have\na TLS connection to negotiate new session parameters and generate new\nkey material.  Renegotiation is carried out in the existing TLS\nconnection. However there is no cryptographic binding between the\nrenegotiated TLS session and the original TLS session. An attacker who\nhas established MITM between client and server may be able to take\nadvantage of this and inject arbitrary data into the beginning of the\napplication protocol stream protected by TLS. 
Specifically arbitrary\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\nblocks HTTPS session initiation between client and server, establishes\nHTTPS session with the server itself, injects HTTP data and initiates\nTLS renegotiation with the server. Then attacker allows the\nrenegotiation to occur between the client and the server. After\nsuccessful HTTPS session establishment with the server, now the client\nsends its HTTP request along with its HTTP credentials (cookie) to the\nserver. However due to format of attacker's injected HTTP data, the\nclient's HTTP request is not processed, rather the attacker's HTTP\nrequest gets executed with credentials of the client. The attacker is\nnot able to view the results of the injected HTTP request due to the\nfact that data between the client and the server is encrypted over\nHTTPS. \n\nArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected\nby this issue is the HTTPS WebUI administration interface. \n\nPre-requisites for this attack :\n 1. The attacker must be able to establish a MITM between the client and\nthe server (ArubaOS WebUI). \n 2. The attacker must be able to establish a successful HTTPS session\nwith the server (ArubaOS WebUI)\n 3. ArubaOS must be configured to allow certificate based HTTPS\nauthentication for WebUI clients (client certs). \n\nCaptive Portal users do not seem vulnerable to this issue unless somehow\nclient certificates are being used to authenticate captive portal users. \n\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n\nWORKAROUNDS\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. However, in the event that a patch\ncannot immediately be applied, the following steps will help to mitigate\nthe risk:\n\n- - - Disable certificate based HTTPS authentication (and only allow\nusername-password based authentication) for WebUI clients. 
Client's\nusername-password authentication POST request will prohibit attacker's\ninjected HTTP data from executing with client's cookie. \n     CLI command: web-server mgmt-auth username/password\n\n- - - Permit certificate based HTTPS authentication ONLY and disable\nusername-password based authentication to WebUI. This will prohibit\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\nwithout a valid client cert. \n\t CLI command: web-server mgmt-auth certificate\n\t\n\tNote: This step won't stop command injection from attackers who have\nvalid client certificates but their assigned management role privileges\nare lower than that of the admin. This attack may allow them to run\ncommands at higher privilege than what is permitted in their role. \n\n- - - Do not expose the Mobility Controller administrative interface to\nuntrusted networks such as the Internet. \n\n\n\nSOLUTION\n\nAruba Networks recommends that all customers apply the appropriate\npatch(es) as soon as practical. \n\nThe following patches have the fix (any newer patch will also have the fix):\n\n- - - - 2.5.6.24\n- - - - 3.3.2.23\n- - - - 3.3.3.2\n- - - - 3.4.0.7\n- - - - 3.4.1.1\n- - - - RN 3.1.4\n\nPlease contact Aruba support for obtaining patched FIPS releases. \n\nPlease note: We highly recommend that you upgrade your Mobility\nController to the latest available patch on the Aruba support site\ncorresponding to your currently installed release. \n\n\nREFERENCES\n\n[1] http://extendedsubset.com/?p=8\n\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\n\n\n+----------------------------------------------------\n\nOBTAINING FIXED FIRMWARE\n\nAruba customers can obtain the firmware on the support website:\n\thttp://www.arubanetworks.com/support. 
\n\nAruba Support contacts are as follows:\n\n\t1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\n\n\t+1-408-754-1200 (toll call from anywhere in the world)\n\n\te-mail: support(at)arubanetworks.com\n\nPlease, do not contact either \"wsirt(at)arubanetworks.com\" or\n\"security(at)arubanetworks.com\" for software upgrades. \n\n\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\n\nThis vulnerability will be announced at\n\nAruba W.S.I.R.T. Advisory:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\nSecurityFocus Bugtraq\nhttp://www.securityfocus.com/archive/1\n\n\nSTATUS OF THIS NOTICE: Final\n\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\nin this advisory, all of the facts have been checked to the best of our\nability. Aruba Networks does not anticipate issuing updated versions of\nthis advisory unless there is some material change in the facts. Should\nthere be a significant change in the facts, Aruba Networks may update\nthis advisory. \n\nA stand-alone copy or paraphrase of the text of this security advisory\nthat omits the distribution URL in the following section is an uncontrolled\ncopy, and may lack important information or contain factual errors. \n\n\nDISTRIBUTION OF THIS ANNOUNCEMENT\n\nThis advisory will be posted on Aruba's website at:\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\n\n\nFuture updates of this advisory, if any, will be placed on Aruba's worldwide\nwebsite, but may or may not be actively announced on mailing lists or\nnewsgroups. Users concerned about this problem are encouraged to check the\nabove URL for any updates. 
\n\n\nREVISION HISTORY\n\n      Revision 1.0 / 02-08-2010 / Initial release\n\n\nARUBA WSIRT SECURITY PROCEDURES\n\nComplete information on reporting security vulnerabilities in Aruba Networks\nproducts, obtaining assistance with security incidents is available at\n      http://www.arubanetworks.com/support/wsirt.php\n\n\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\ninformation we encourage the use of PGP encryption. Our public keys can be\nfound at\n\thttp://www.arubanetworks.com/support/wsirt.php\n\n\n      (c) Copyright 2010 by Aruba Networks, Inc. \nThis advisory may be redistributed freely after the release date given at\nthe top of the text, provided that redistributed copies are complete and\nunmodified, including all date and version information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.14 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\n=CrHf\n-----END PGP SIGNATURE-----\n. Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01963123\nVersion: 1\n\nHPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-12-21\nLast Updated: 2009-12-21\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. 
The\n\nvulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2009-3555    (AV:N/AC:L/Au:N/C:N/I:P/A:P)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following temporary software updates to resolve the vulnerability. \n\nNOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked\n\nlibraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the\n\nHP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here\n\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\nTo review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do\n\nThe depots are available are available using ftp. 
\nHost / Account / Password\n\nftp.usa.hp.com / sb02498 / Secure12\n\nHP-UX Release / Temporary Depot name / SHA-1 Sum\n\nB.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot /\n 3B6BE547403C28926482192408D5D5AB603A403D\n\nB.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot /\n 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7\n\nB.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot /\n 1D65F7D49883399F4D202E16754CF7DAE71E3B47\n\nB.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot /\n 943E21D4621B480B5E8E651ACB605B8F7EA47304\n\nB.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot /\n B8836FDB73434A3C26FB411E3F7CB3211129E5AC\n\nMANUAL ACTIONS: Yes\nInstall Apache v2.0.59.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. 
\n\nAFFECTED VERSIONS\n\nFor Apache IPv4 and IPv6\nHP-UX B.11.11\n=============\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.23\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nHP-UX B.11.31\n=============\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 21 December 2009 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. 
\n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber's choice for Business: sign-in. \nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing & Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. 
\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nReferences: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. \nThe upgrades are available from the following location. \n\nFor Debian 7 (wheezy) this update adds a missing part to make it\nactually possible to disable client-initiated renegotiation and\ndisables it by default (CVE-2009-3555). 
TLS compression is disabled\n(CVE-2012-4929), although this is normally already disabled by the OpenSSL\nsystem library. Finally it adds the ability to disable the SSLv3 protocol\n(CVE-2014-3566) entirely via the new \"DisableSSLv3\" configuration\ndirective, although it will not be disabled by default in this update. \n\nFor Debian 8 (jessie) these issues have been fixed prior to the release,\nwith the exception of client-initiated renegotiation (CVE-2009-3555). \nThis update addresses that issue for jessie. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.6-2+deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.6-6+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6-6.1. \n\nWe recommend that you upgrade your pound packages. ----------------------------------------------------------------------\n\n\nSecunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management\n\nFree webinars\n\nhttp://secunia.com/vulnerability_scanning/corporate/webinars/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOpenOffice.org Data Manipulation and Code Execution Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA40070\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40070/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=40070\n\nRELEASE DATE:\n2010-06-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40070/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40070/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * 
Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=40070\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in OpenOffice.org, which can\nbe exploited by malicious people to manipulate certain data or\ncompromise a user's system. \n\n1) An error in the TLS protocol while handling session\nre-negotiations in included libraries can be exploited to manipulate\nsession data. \n\nFor more information see vulnerability #1 in:\nSA37291\n\n2) An error when exploring python code through the scripting IDE can\nbe exploited to potentially execute arbitrary code. \n\nThe vulnerabilities are reported in versions prior to 3.2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.openoffice.org/security/cves/CVE-2009-3555.html\nhttp://www.openoffice.org/security/cves/CVE-2010-0395.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This could force the server to\n process an attacker's request as if authenticated using the victim's\n credentials. \n \n The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28,\n and 3.1.x before 3.1.7 does not properly consider timing side-channel\n attacks on a noncompliant MAC check operation during the processing\n of malformed CBC padding, which allows remote attackers to conduct\n distinguishing attacks and plaintext-recovery attacks via statistical\n analysis of timing data for crafted packets, a related issue to\n CVE-2013-0169 (CVE-2013-1619). \n \n The updated packages have been patched to correct these issues. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due\nto a bug in lighttpd, the server fails to start in some configurations\nif using the updated openssl libraries. \n\nThe packages for the hppa, mips, and mipsel architectures are not yet\navailable. They will be released as soon as they have been built",
      sources: [
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            db: "PACKETSTORM",
            id: "100765",
         },
         {
            db: "PACKETSTORM",
            id: "82799",
         },
         {
            db: "PACKETSTORM",
            id: "94088",
         },
         {
            db: "PACKETSTORM",
            id: "83521",
         },
         {
            db: "PACKETSTORM",
            id: "88167",
         },
         {
            db: "PACKETSTORM",
            id: "86075",
         },
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            db: "PACKETSTORM",
            id: "84183",
         },
         {
            db: "PACKETSTORM",
            id: "88387",
         },
         {
            db: "PACKETSTORM",
            id: "131826",
         },
         {
            db: "PACKETSTORM",
            id: "90344",
         },
         {
            db: "PACKETSTORM",
            id: "84181",
         },
         {
            db: "PACKETSTORM",
            id: "120714",
         },
         {
            db: "PACKETSTORM",
            id: "89667",
         },
         {
            db: "PACKETSTORM",
            id: "111920",
         },
         {
            db: "PACKETSTORM",
            id: "97489",
         },
      ],
      trust: 3.78,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-41001",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2009-3555",
            trust: 4.9,
         },
         {
            db: "CERT/CC",
            id: "VU#120541",
            trust: 1.9,
         },
         {
            db: "SECUNIA",
            id: "40070",
            trust: 1.3,
         },
         {
            db: "SECUNIA",
            id: "38781",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42377",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37501",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39632",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37604",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "41972",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "43308",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "38241",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37859",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "41818",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39292",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42816",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42379",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39317",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "38020",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42467",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37320",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37640",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37656",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37383",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42724",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "38003",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "44183",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42733",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "38484",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "40545",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "40866",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39242",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "38056",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39278",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39243",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42808",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37675",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39127",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39461",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39819",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37453",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "40747",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "41490",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39628",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "44954",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39500",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "48577",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "42811",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37291",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "41480",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37292",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37399",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39713",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "38687",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "37504",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "39136",
            trust: 1.1,
         },
         {
            db: "SECUNIA",
            id: "41967",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023217",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023273",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023274",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023206",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023272",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023427",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023218",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023163",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023214",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023211",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023219",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023216",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1024789",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023148",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023213",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023271",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023243",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023209",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023215",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023208",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023411",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023204",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023224",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023210",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023207",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023426",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023428",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023205",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023275",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023270",
            trust: 1.1,
         },
         {
            db: "SECTRACK",
            id: "1023212",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-2745",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3353",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-3069",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0086",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3354",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3484",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1793",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3310",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0982",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2011-0033",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3220",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-2010",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1639",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1107",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-3126",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0916",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3164",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2011-0032",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2011-0086",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3313",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0748",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1350",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3521",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0994",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-3086",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1191",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0173",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3587",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0933",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3205",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1054",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-0848",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2010-1673",
            trust: 1.1,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-3165",
            trust: 1.1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2009/11/05/3",
            trust: 1.1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2009/11/07/3",
            trust: 1.1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2009/11/23/10",
            trust: 1.1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2009/11/05/5",
            trust: 1.1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2009/11/20/1",
            trust: 1.1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2009/11/06/3",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "65202",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "62210",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "60521",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "60972",
            trust: 1.1,
         },
         {
            db: "HITACHI",
            id: "HS10-030",
            trust: 1.1,
         },
         {
            db: "USCERT",
            id: "TA10-222A",
            trust: 1.1,
         },
         {
            db: "USCERT",
            id: "TA10-287A",
            trust: 1.1,
         },
         {
            db: "BID",
            id: "36935",
            trust: 1.1,
         },
         {
            db: "ICS CERT",
            id: "ICSA-22-160-01",
            trust: 0.8,
         },
         {
            db: "JVN",
            id: "JVNVU95298925",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002319",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "88167",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "120714",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "97489",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "131826",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "94088",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "89667",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "84183",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "86075",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "84181",
            trust: 0.2,
         },
         {
            db: "EXPLOIT-DB",
            id: "10071",
            trust: 0.1,
         },
         {
            db: "EXPLOIT-DB",
            id: "10579",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "82657",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "82770",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "130868",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "83271",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "90262",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "88173",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "91309",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "120365",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "106155",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "83415",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "111273",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "83414",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "92095",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "124088",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "82652",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "94087",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "95279",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "137201",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "102374",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "106156",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "89136",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "92497",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "88621",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "88698",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "84112",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "90286",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127267",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "114810",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "88224",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "123380",
            trust: 0.1,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200911-069",
            trust: 0.1,
         },
         {
            db: "SEEBUG",
            id: "SSVID-67231",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-41001",
            trust: 0.1,
         },
         {
            db: "SECUNIA",
            id: "44292",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "100765",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "82799",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "83521",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "88387",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "90344",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "111920",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "PACKETSTORM",
            id: "100765",
         },
         {
            db: "PACKETSTORM",
            id: "82799",
         },
         {
            db: "PACKETSTORM",
            id: "94088",
         },
         {
            db: "PACKETSTORM",
            id: "83521",
         },
         {
            db: "PACKETSTORM",
            id: "88167",
         },
         {
            db: "PACKETSTORM",
            id: "86075",
         },
         {
            db: "PACKETSTORM",
            id: "97489",
         },
         {
            db: "PACKETSTORM",
            id: "84183",
         },
         {
            db: "PACKETSTORM",
            id: "88387",
         },
         {
            db: "PACKETSTORM",
            id: "131826",
         },
         {
            db: "PACKETSTORM",
            id: "90344",
         },
         {
            db: "PACKETSTORM",
            id: "84181",
         },
         {
            db: "PACKETSTORM",
            id: "120714",
         },
         {
            db: "PACKETSTORM",
            id: "89667",
         },
         {
            db: "PACKETSTORM",
            id: "111920",
         },
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   id: "VAR-200911-0398",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-07-23T21:54:40.707000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HS11-006 Software product security information",
            trust: 0.8,
            url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-295",
            trust: 1.1,
         },
         {
            problemtype: "Lack of information (CWE-noinfo) [IPA evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-310",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "http://extendedsubset.com/?p=8",
         },
         {
            trust: 1.9,
            url: "http://www.links.org/?p=780",
         },
         {
            trust: 1.9,
            url: "http://www.links.org/?p=786",
         },
         {
            trust: 1.9,
            url: "http://www.links.org/?p=789",
         },
         {
            trust: 1.9,
            url: "http://blogs.iss.net/archive/sslmitmiscsrf.html",
         },
         {
            trust: 1.9,
            url: "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html",
         },
         {
            trust: 1.9,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125",
         },
         {
            trust: 1.9,
            url: "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt",
         },
         {
            trust: 1.9,
            url: "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html",
         },
         {
            trust: 1.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-3555",
         },
         {
            trust: 1.2,
            url: "http://www.arubanetworks.com/support/alerts/aid-020810.txt",
         },
         {
            trust: 1.2,
            url: "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html",
         },
         {
            trust: 1.2,
            url: "http://www.openoffice.org/security/cves/cve-2009-3555.html",
         },
         {
            trust: 1.1,
            url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1",
         },
         {
            trust: 1.1,
            url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1",
         },
         {
            trust: 1.1,
            url: "http://securitytracker.com/id?1023148",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023163",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023204",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023205",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023206",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023207",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023208",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023209",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023210",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023211",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023212",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023213",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023214",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023215",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023216",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023217",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023218",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023219",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023224",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023243",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023270",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023271",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023272",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023273",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023274",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023275",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023411",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023426",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023427",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1023428",
         },
         {
            trust: 1.1,
            url: "http://www.securitytracker.com/id?1024789",
         },
         {
            trust: 1.1,
            url: "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml",
         },
         {
            trust: 1.1,
            url: "http://seclists.org/fulldisclosure/2009/nov/139",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/507952/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/508130/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html",
         },
         {
            trust: 1.1,
            url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1",
         },
         {
            trust: 1.1,
            url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1",
         },
         {
            trust: 1.1,
            url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/bid/36935",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37291",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37292",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37320",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37383",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37399",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37453",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37501",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37504",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37604",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37640",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37656",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37675",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/37859",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38003",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38020",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38056",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38241",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38484",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38687",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/38781",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39127",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39136",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39242",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39243",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39278",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39292",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39317",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39461",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39500",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39628",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39632",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39713",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/39819",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/40070",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/40545",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/40747",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/40866",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/41480",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/41490",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/41818",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/41967",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/41972",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42377",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42379",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42467",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42724",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42733",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42808",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42811",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/42816",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/43308",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/44183",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/44954",
         },
         {
            trust: 1.1,
            url: "http://secunia.com/advisories/48577",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/60521",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/60972",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/62210",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/65202",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3164",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3165",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3205",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3220",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3310",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3313",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3353",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3354",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3484",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3521",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2009/3587",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0086",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0173",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0748",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0848",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0916",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0933",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0982",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/0994",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1054",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1107",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1191",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1350",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1639",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1673",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/1793",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/2010",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/2745",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/3069",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/3086",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2010/3126",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2011/0032",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2011/0033",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2011/0086",
         },
         {
            trust: 1.1,
            url: "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html",
         },
         {
            trust: 1.1,
            url: "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html",
         },
         {
            trust: 1.1,
            url: "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html",
         },
         {
            trust: 1.1,
            url: "http://www.debian.org/security/2009/dsa-1934",
         },
         {
            trust: 1.1,
            url: "http://www.debian.org/security/2011/dsa-2141",
         },
         {
            trust: 1.1,
            url: "http://www.debian.org/security/2015/dsa-3253",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html",
         },
         {
            trust: 1.1,
            url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html",
         },
         {
            trust: 1.1,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html",
         },
         {
            trust: 1.1,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html",
         },
         {
            trust: 1.1,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html",
         },
         {
            trust: 1.1,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html",
         },
         {
            trust: 1.1,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html",
         },
         {
            trust: 1.1,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html",
         },
         {
            trust: 1.1,
            url: "http://security.gentoo.org/glsa/glsa-200912-01.xml",
         },
         {
            trust: 1.1,
            url: "http://security.gentoo.org/glsa/glsa-201203-22.xml",
         },
         {
            trust: 1.1,
            url: "http://security.gentoo.org/glsa/glsa-201406-32.xml",
         },
         {
            trust: 1.1,
            url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041",
         },
         {
            trust: 1.1,
            url: "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751",
         },
         {
            trust: 1.1,
            url: "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/522176",
         },
         {
            trust: 1.1,
            url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055",
         },
         {
            trust: 1.1,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076",
         },
         {
            trust: 1.1,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084",
         },
         {
            trust: 1.1,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089",
         },
         {
            trust: 1.1,
            url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0119.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0130.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0155.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0165.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0167.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0337.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0338.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0339.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0768.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0770.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0786.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0807.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0865.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0986.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2010-0987.html",
         },
         {
            trust: 1.1,
            url: "http://www.redhat.com/support/errata/rhsa-2011-0880.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html",
         },
         {
            trust: 1.1,
            url: "http://www.us-cert.gov/cas/techalerts/ta10-222a.html",
         },
         {
            trust: 1.1,
            url: "http://www.us-cert.gov/cas/techalerts/ta10-287a.html",
         },
         {
            trust: 1.1,
            url: "http://www.ubuntu.com/usn/usn-1010-1",
         },
         {
            trust: 1.1,
            url: "http://ubuntu.com/usn/usn-923-1",
         },
         {
            trust: 1.1,
            url: "http://www.ubuntu.com/usn/usn-927-1",
         },
         {
            trust: 1.1,
            url: "http://www.ubuntu.com/usn/usn-927-4",
         },
         {
            trust: 1.1,
            url: "http://www.ubuntu.com/usn/usn-927-5",
         },
         {
            trust: 1.1,
            url: "http://www.kb.cert.org/vuls/id/120541",
         },
         {
            trust: 1.1,
            url: "http://openbsd.org/errata45.html#010_openssl",
         },
         {
            trust: 1.1,
            url: "http://openbsd.org/errata46.html#004_openssl",
         },
         {
            trust: 1.1,
            url: "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html",
         },
         {
            trust: 1.1,
            url: "http://www.openwall.com/lists/oss-security/2009/11/05/3",
         },
         {
            trust: 1.1,
            url: "http://www.openwall.com/lists/oss-security/2009/11/05/5",
         },
         {
            trust: 1.1,
            url: "http://www.openwall.com/lists/oss-security/2009/11/06/3",
         },
         {
            trust: 1.1,
            url: "http://www.openwall.com/lists/oss-security/2009/11/07/3",
         },
         {
            trust: 1.1,
            url: "http://www.openwall.com/lists/oss-security/2009/11/20/1",
         },
         {
            trust: 1.1,
            url: "http://www.openwall.com/lists/oss-security/2009/11/23/10",
         },
         {
            trust: 1.1,
            url: "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html",
         },
         {
            trust: 1.1,
            url: "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during",
         },
         {
            trust: 1.1,
            url: "http://clicky.me/tlsvuln",
         },
         {
            trust: 1.1,
            url: "http://extendedsubset.com/renegotiating_tls.pdf",
         },
         {
            trust: 1.1,
            url: "http://kbase.redhat.com/faq/docs/doc-20491",
         },
         {
            trust: 1.1,
            url: "http://support.apple.com/kb/ht4004",
         },
         {
            trust: 1.1,
            url: "http://support.apple.com/kb/ht4170",
         },
         {
            trust: 1.1,
            url: "http://support.apple.com/kb/ht4171",
         },
         {
            trust: 1.1,
            url: "http://support.avaya.com/css/p8/documents/100070150",
         },
         {
            trust: 1.1,
            url: "http://support.avaya.com/css/p8/documents/100081611",
         },
         {
            trust: 1.1,
            url: "http://support.avaya.com/css/p8/documents/100114315",
         },
         {
            trust: 1.1,
            url: "http://support.avaya.com/css/p8/documents/100114327",
         },
         {
            trust: 1.1,
            url: "http://support.citrix.com/article/ctx123359",
         },
         {
            trust: 1.1,
            url: "http://support.zeus.com/zws/media/docs/4.3/release_notes",
         },
         {
            trust: 1.1,
            url: "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released",
         },
         {
            trust: 1.1,
            url: "http://sysoev.ru/nginx/patch.cve-2009-3555.txt",
         },
         {
            trust: 1.1,
            url: "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html",
         },
         {
            trust: 1.1,
            url: "http://wiki.rpath.com/advisories:rpsa-2009-0155",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24006386",
         },
         {
            trust: 1.1,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24025312",
         },
         {
            trust: 1.1,
            url: "http://www.betanews.com/article/1257452450",
         },
         {
            trust: 1.1,
            url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html",
         },
         {
            trust: 1.1,
            url: "http://www.ingate.com/relnote.php?ver=481",
         },
         {
            trust: 1.1,
            url: "http://www.openssl.org/news/secadv_20091111.txt",
         },
         {
            trust: 1.1,
            url: "http://www.opera.com/docs/changelogs/unix/1060/",
         },
         {
            trust: 1.1,
            url: "http://www.opera.com/support/search/view/944/",
         },
         {
            trust: 1.1,
            url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
         },
         {
            trust: 1.1,
            url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
         },
         {
            trust: 1.1,
            url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
         },
         {
            trust: 1.1,
            url: "http://www.proftpd.org/docs/release_notes-1.3.2c",
         },
         {
            trust: 1.1,
            url: "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html",
         },
         {
            trust: 1.1,
            url: "http://www.tombom.co.uk/blog/?p=85",
         },
         {
            trust: 1.1,
            url: "http://www.vmware.com/security/advisories/vmsa-2010-0019.html",
         },
         {
            trust: 1.1,
            url: "http://www.vmware.com/security/advisories/vmsa-2011-0003.html",
         },
         {
            trust: 1.1,
            url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
         },
         {
            trust: 1.1,
            url: "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html",
         },
         {
            trust: 1.1,
            url: "https://bugzilla.mozilla.org/show_bug.cgi?id=526689",
         },
         {
            trust: 1.1,
            url: "https://bugzilla.mozilla.org/show_bug.cgi?id=545755",
         },
         {
            trust: 1.1,
            url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888",
         },
         {
            trust: 1.1,
            url: "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158",
         },
         {
            trust: 1.1,
            url: "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=126150535619567&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=127419602507642&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=127557596201693&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=132077688910227&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2",
         },
         {
            trust: 1,
            url: "http://marc.info/?l=cryptography&m=125752275331877&w=2",
         },
         {
            trust: 1,
            url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446",
         },
         {
            trust: 1,
            url: "http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only",
         },
         {
            trust: 1,
            url: "https://kb.bluecoat.com/index?page=content&id=sa50",
         },
         {
            trust: 0.8,
            url: "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html",
         },
         {
            trust: 0.8,
            url: "http://cvs.openssl.org/chngview?cn=18790",
         },
         {
            trust: 0.8,
            url: "http://www.links.org/files/no-renegotiation-2.patch",
         },
         {
            trust: 0.8,
            url: "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu95298925/",
         },
         {
            trust: 0.8,
            url: "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555",
         },
         {
            trust: 0.8,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01",
         },
         {
            trust: 0.5,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555",
         },
         {
            trust: 0.3,
            url: "http://www.mandriva.com/security/",
         },
         {
            trust: 0.3,
            url: "http://www.mandriva.com/security/advisories",
         },
         {
            trust: 0.3,
            url: "http://www.debian.org/security/",
         },
         {
            trust: 0.3,
            url: "http://www.itrc.hp.com/service/cki/secbullarchive.do",
         },
         {
            trust: 0.3,
            url: "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc",
         },
         {
            trust: 0.3,
            url: "http://h30046.www3.hp.com/subsignin.php",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/products/corporate/evm/",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/advisories/secunia_security_advisories/",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/vulnerability_scanning/personal/",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/advisories/about_secunia_advisories/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-3095",
         },
         {
            trust: 0.2,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz",
         },
         {
            trust: 0.2,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz",
         },
         {
            trust: 0.2,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz",
         },
         {
            trust: 0.2,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-3094",
         },
         {
            trust: 0.2,
            url: "http://www.debian.org/security/faq",
         },
         {
            trust: 0.2,
            url: "https://www.hp.com/go/swa",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=132077688910227&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=127419602507642&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=134254866602253&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=130497311408250&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=133469267822771&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=126150535619567&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=127128920008563&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=bugtraq&amp;m=127557596201693&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://www-1.ibm.com/support/search.wss?rs=0&amp;q=pm00675&amp;apar=only",
         },
         {
            trust: 0.1,
            url: "http://slackware.com/security/viewer.php?l=slackware-security&amp;y=2009&amp;m=slackware-security.597446",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=apache-httpd-announce&amp;m=125755783724966&amp;w=2",
         },
         {
            trust: 0.1,
            url: "http://marc.info/?l=cryptography&amp;m=125752275331877&amp;w=2",
         },
         {
            trust: 0.1,
            url: "https://kb.bluecoat.com/index?page=content&amp;id=sa50",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/44292/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/research/",
         },
         {
            trust: 0.1,
            url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas",
         },
         {
            trust: 0.1,
            url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=44292",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/company/jobs/open_positions/reverse_engineer",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/44292/#comments",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.18_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.7_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.18_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.14-5ubuntu8.2_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.3.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.18_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.7_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.3_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.7_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.3_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.11_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.11_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.7_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.diff.gz",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.2.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.7_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.7_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.3_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.3_all.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.2_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.18.dsc",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.18_i386.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.7_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.11_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.3_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.18_lpia.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.11_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.11_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.3_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.18_amd64.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.2_sparc.deb",
         },
         {
            trust: 0.1,
            url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.3_powerpc.deb",
         },
         {
            trust: 0.1,
            url: "http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2008-2939",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-1890",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2008-1678",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-1195",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-1191",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-1891",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/",
         },
         {
            trust: 0.1,
            url: "http://lists.grok.org.uk/full-disclosure-charter.html",
         },
         {
            trust: 0.1,
            url: "http://www.arubanetworks.com/support.",
         },
         {
            trust: 0.1,
            url: "http://enigmail.mozdev.org/",
         },
         {
            trust: 0.1,
            url: "http://www.arubanetworks.com/support/wsirt.php",
         },
         {
            trust: 0.1,
            url: "http://www.securityfocus.com/archive/1",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2010-0740",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2010-0433",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-4355",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-3245",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-4929",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566",
         },
         {
            trust: 0.1,
            url: "http://www.openoffice.org/security/cves/cve-2010-0395.html",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/40070/#comments",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/vulnerability_scanning/corporate/webinars/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/40070/",
         },
         {
            trust: 0.1,
            url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=40070",
         },
         {
            trust: 0.1,
            url: "http://bugs.proftpd.org/show_bug.cgi?id=3324",
         },
         {
            trust: 0.1,
            url: "http://www.mandriva.com/en/support/security/",
         },
         {
            trust: 0.1,
            url: "http://www.mandriva.com/en/support/security/advisories/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2013-1619",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619",
         },
         {
            trust: 0.1,
            url: "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-6a3f2fa832db4ddf9b3398f04c",
         },
         {
            trust: 0.1,
            url: "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-1b189d95582249b58d9ca94c45",
         },
         {
            trust: 0.1,
            url: "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-4311cc1b61fd42a4874b13d714",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2011-2204",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-0033",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-3548",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2011-2526",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-2902",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2011-3190",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-0580",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-2693",
         },
         {
            trust: 0.1,
            url: "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/",
         },
         {
            trust: 0.1,
            url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-0781",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2010-4476",
         },
         {
            trust: 0.1,
            url: "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html",
         },
         {
            trust: 0.1,
            url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2011-1184",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2010-1157",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2011-2729",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2009-2901",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "PACKETSTORM",
            id: "100765",
         },
         {
            db: "PACKETSTORM",
            id: "82799",
         },
         {
            db: "PACKETSTORM",
            id: "94088",
         },
         {
            db: "PACKETSTORM",
            id: "83521",
         },
         {
            db: "PACKETSTORM",
            id: "88167",
         },
         {
            db: "PACKETSTORM",
            id: "86075",
         },
         {
            db: "PACKETSTORM",
            id: "97489",
         },
         {
            db: "PACKETSTORM",
            id: "84183",
         },
         {
            db: "PACKETSTORM",
            id: "88387",
         },
         {
            db: "PACKETSTORM",
            id: "131826",
         },
         {
            db: "PACKETSTORM",
            id: "90344",
         },
         {
            db: "PACKETSTORM",
            id: "84181",
         },
         {
            db: "PACKETSTORM",
            id: "120714",
         },
         {
            db: "PACKETSTORM",
            id: "89667",
         },
         {
            db: "PACKETSTORM",
            id: "111920",
         },
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            db: "PACKETSTORM",
            id: "100765",
         },
         {
            db: "PACKETSTORM",
            id: "82799",
         },
         {
            db: "PACKETSTORM",
            id: "94088",
         },
         {
            db: "PACKETSTORM",
            id: "83521",
         },
         {
            db: "PACKETSTORM",
            id: "88167",
         },
         {
            db: "PACKETSTORM",
            id: "86075",
         },
         {
            db: "PACKETSTORM",
            id: "97489",
         },
         {
            db: "PACKETSTORM",
            id: "84183",
         },
         {
            db: "PACKETSTORM",
            id: "88387",
         },
         {
            db: "PACKETSTORM",
            id: "131826",
         },
         {
            db: "PACKETSTORM",
            id: "90344",
         },
         {
            db: "PACKETSTORM",
            id: "84181",
         },
         {
            db: "PACKETSTORM",
            id: "120714",
         },
         {
            db: "PACKETSTORM",
            id: "89667",
         },
         {
            db: "PACKETSTORM",
            id: "111920",
         },
         {
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-11-11T00:00:00",
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            date: "2009-11-09T00:00:00",
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            date: "2011-05-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            date: "2011-04-24T07:03:17",
            db: "PACKETSTORM",
            id: "100765",
         },
         {
            date: "2009-11-19T18:46:00",
            db: "PACKETSTORM",
            id: "82799",
         },
         {
            date: "2010-09-21T22:55:35",
            db: "PACKETSTORM",
            id: "94088",
         },
         {
            date: "2009-12-07T21:57:59",
            db: "PACKETSTORM",
            id: "83521",
         },
         {
            date: "2010-04-07T02:30:56",
            db: "PACKETSTORM",
            id: "88167",
         },
         {
            date: "2010-02-09T18:53:40",
            db: "PACKETSTORM",
            id: "86075",
         },
         {
            date: "2011-01-13T03:33:06",
            db: "PACKETSTORM",
            id: "97489",
         },
         {
            date: "2009-12-22T20:50:12",
            db: "PACKETSTORM",
            id: "84183",
         },
         {
            date: "2010-04-15T22:26:05",
            db: "PACKETSTORM",
            id: "88387",
         },
         {
            date: "2015-05-08T13:32:34",
            db: "PACKETSTORM",
            id: "131826",
         },
         {
            date: "2010-06-07T16:47:06",
            db: "PACKETSTORM",
            id: "90344",
         },
         {
            date: "2009-12-22T20:42:09",
            db: "PACKETSTORM",
            id: "84181",
         },
         {
            date: "2013-03-08T04:15:53",
            db: "PACKETSTORM",
            id: "120714",
         },
         {
            date: "2010-05-19T05:44:26",
            db: "PACKETSTORM",
            id: "89667",
         },
         {
            date: "2012-04-17T20:41:11",
            db: "PACKETSTORM",
            id: "111920",
         },
         {
            date: "2009-11-09T17:30:00.407000",
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2011-07-22T00:00:00",
            db: "CERT/CC",
            id: "VU#120541",
         },
         {
            date: "2023-02-13T00:00:00",
            db: "VULHUB",
            id: "VHN-41001",
         },
         {
            date: "2022-06-13T05:59:00",
            db: "JVNDB",
            id: "JVNDB-2011-001632",
         },
         {
            date: "2023-02-13T02:20:27.983000",
            db: "NVD",
            id: "CVE-2009-3555",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "120714",
         },
      ],
      trust: 0.1,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "SSL and TLS protocols renegotiation vulnerability",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#120541",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "arbitrary",
      sources: [
         {
            db: "PACKETSTORM",
            id: "82799",
         },
         {
            db: "PACKETSTORM",
            id: "94088",
         },
         {
            db: "PACKETSTORM",
            id: "86075",
         },
         {
            db: "PACKETSTORM",
            id: "120714",
         },
      ],
      trust: 0.4,
   },
}