Software Detail
GnuTLS: Number of NVD entries: 72 (CRITICAL 7, HIGH 29, MEDIUM 36, LOW 0)
URL https://www.gnutls.org/
Explanation GnuTLS is an open source library for the SSL and TLS protocols.
The Linux-based library aims to provide a backend for secure and safe communication.
Tag
  • Open source
  • LGPL 2.1+

Add Information URL
No Type Name URL
1 https://www.gnutls.org/download.html
2 https://www.gnutls.org/security-new.html
3 https://gitlab.com/gnutls/gnutls
4 https://www.gnutls.org/index.html
5 https://gnutls.org/support.html

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
11 GnuTLS 3.8 3.8.11 Nov. 20, 2025 March 20, 2024 0 3 0 0
12 GnuTLS 3.7 3.7.11 May 27, 2024 Dec. 2, 2020 2 4 1 0
13 GnuTLS 3.6 3.6.16 May 24, 2021 Aug. 21, 2017 2 9 5 0
14 GnuTLS 3.5 3.5.19 July 16, 2018 May 9, 2016 3 10 7 0
15 GnuTLS 3.4 3.4.17 Dec. 8, 2016 April 8, 2015 0 9 8 0
16 GnuTLS 3.3 3.3.30 July 16, 2018 April 10, 2014 3 11 10 0
17 GnuTLS 3.2 3.2.21 Dec. 11, 2014 May 10, 2013 Jan. 1, 1970 3 11 14 0
18 GnuTLS 3.2 3.2.9 3 11 14 0
19 GnuTLS 3.1 3.1.9 3 11 15 0
20 GnuTLS 3.0 3.0.9 3 12 18 0
21 GnuTLS 2.8 2.8.6 3 13 18 0
22 GnuTLS 2.7 2.7.6 3 13 20 0
23 GnuTLS 2.6 2.6.6 3 14 23 0
24 GnuTLS 2.5 2.5.0 3 14 23 0
25 GnuTLS 2.4 2.4.3 3 14 23 0
26 GnuTLS 2.3 2.3.9 3 16 24 0
27 GnuTLS 2.2 2.2.5 3 15 24 0
28 GnuTLS 2.12 2.12.9 3 12 18 0
29 GnuTLS 2.10 2.10.5 3 12 16 0
30 GnuTLS 2.1 2.1.8 3 15 26 0
31 GnuTLS 2.0 2.0.4 3 15 24 0
32 GnuTLS 1.7 1.7.9 3 15 22 0
33 GnuTLS 1.6 1.6.3 3 15 22 0
34 GnuTLS 1.5 1.5.5 3 15 23 0
35 GnuTLS 1.4 1.4.5 3 15 24 0
36 GnuTLS 1.3 1.3.5 3 15 24 0
37 GnuTLS 1.2 1.2.9 3 16 25 0
38 GnuTLS 1.1 1.1.23 3 16 24 0
39 GnuTLS 1.0 1.0.25 3 17 25 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
11 7.4
-
HIGH
Network
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a netwo… CWE-203
 Information Exposure Through Discrepancy
CVE-2023-0361 cpe:2.3:a:gnu:gnutls:3.6.8-11.el8_2:* 2024-11-21 16:37
2023-02-16
12 6.5
-
MEDIUM
Network
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of… CWE-476
 NULL Pointer Dereference
CVE-2021-4209 cpe:2.3:a:gnu:gnutls:*:* 3.7.3 2024-11-21 15:37
2022-08-25
13 7.5
-
HIGH
Network
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. CWE-415
 Double Free
CVE-2022-2509 cpe:2.3:a:gnu:gnutls:*:* 3.7.7 2024-11-21 16:01
2022-08-01
14 9.8
7.5
CRITICAL
Network
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. - CVE-2021-20232 cpe:2.3:a:gnu:gnutls:*:* 3.6.3 3.7.1 2024-11-21 14:46
2021-03-13
15 9.8
7.5
CRITICAL
Network
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. - CVE-2021-20231 cpe:2.3:a:gnu:gnutls:*:* 3.6.3 3.7.1 2024-11-21 14:46
2021-03-13
16 7.5
5.0
HIGH
Network
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid se… CWE-787
CWE-476
 Out-of-bounds Write
 NULL Pointer Dereference
CVE-2020-24659 cpe:2.3:a:gnu:gnutls:*:* 3.6.15 2024-11-21 14:15
2020-09-05
17 7.4
5.8
HIGH
Network
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i… CWE-327
 Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-13777 cpe:2.3:a:gnu:gnutls:*:* 3.6.0 3.6.14 2024-11-21 14:01
2020-06-04
18 7.4
5.8
HIGH
Network
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' by… CWE-330
 Use of Insufficiently Random Values
CVE-2020-11501 cpe:2.3:a:gnu:gnutls:*:* 3.6.3 3.6.13 2024-11-21 13:58
2020-04-03
19 7.5
5.0
HIGH
Network
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CWE-295
Improper Certificate Validation 
CVE-2015-0294 cpe:2.3:a:gnu:gnutls:*:* 3.3.13 2024-11-21 11:22
2020-01-28
20 5.9
4.3
MEDIUM
Network
GnuTLS incorrectly validates the first byte of padding in CBC modes CWE-203
 Information Exposure Through Discrepancy
CVE-2015-8313 cpe:2.3:a:gnu:gnutls:*:* 2.0.0 2.12.24 2024-11-21 11:38
2019-12-20