Vulnerabilities > GNU > Gnutls > 3.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-14 | CVE-2017-7869 | Out-of-bounds Write vulnerability in GNU Gnutls GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. | 5.0 |
2017-03-24 | CVE-2017-5337 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | 7.5 |
2017-03-24 | CVE-2017-5336 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | 7.5 |
2017-03-24 | CVE-2017-5335 | Out-of-bounds Read vulnerability in multiple products The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | 5.0 |
2017-03-24 | CVE-2017-5334 | Double Free vulnerability in multiple products Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | 7.5 |
2014-06-05 | CVE-2014-3469 | Null Pointer Dereference vulnerability in multiple products The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | 5.0 |
2014-06-05 | CVE-2014-3468 | Incorrect Calculation of Buffer Size vulnerability in multiple products The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. | 7.5 |
2014-06-05 | CVE-2014-3467 | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | 5.0 |