Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
GnuTLS Number Of NVD 72 CRITICAL 7 HIGH 29 MEDIUM 36 LOW 0
URL https://www.gnutls.org/
Explanation GnuTLS is an open source library for the SSL and TLS protocols.
The Linux-based library aims to provide a backend for secure and safe communication.
Tag
  • オープンソース
  • LGPL 2.1+
Add Information URL
No Type Name URL
1 https://www.gnutls.org/download.html
2 https://www.gnutls.org/security-new.html
3 https://gitlab.com/gnutls/gnutls
4 https://www.gnutls.org/index.html
5 https://gnutls.org/support.html
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 GnuTLS 3.8 3.8.11 Nov. 20, 2025 March 20, 2024 0 3 0 0
22 GnuTLS 3.7 3.7.11 May 27, 2024 Dec. 2, 2020 2 4 1 0
23 GnuTLS 3.6 3.6.16 May 24, 2021 Aug. 21, 2017 2 9 5 0
24 GnuTLS 3.5 3.5.19 July 16, 2018 May 9, 2016 3 10 7 0
25 GnuTLS 3.4 3.4.17 Dec. 8, 2016 April 8, 2015 0 9 8 0
26 GnuTLS 3.3 3.3.30 July 16, 2018 April 10, 2014 3 11 10 0
27 GnuTLS 3.2 3.2.21 Dec. 11, 2014 May 10, 2013 Jan. 1, 1970 3 11 14 0
28 GnuTLS 3.2 3.2.9 3 11 14 0
29 GnuTLS 3.1 3.1.9 3 11 15 0
30 GnuTLS 3.0 3.0.9 3 12 18 0
31 GnuTLS 2.8 2.8.6 3 13 18 0
32 GnuTLS 2.7 2.7.6 3 13 20 0
33 GnuTLS 2.6 2.6.6 3 14 23 0
34 GnuTLS 2.5 2.5.0 3 14 23 0
35 GnuTLS 2.4 2.4.3 3 14 23 0
36 GnuTLS 2.3 2.3.9 3 16 24 0
37 GnuTLS 2.2 2.2.5 3 15 24 0
38 GnuTLS 2.12 2.12.9 3 12 18 0
39 GnuTLS 2.10 2.10.5 3 12 16 0
40 GnuTLS 2.1 2.1.8 3 15 26 0
41 GnuTLS 2.0 2.0.4 3 15 24 0
42 GnuTLS 1.7 1.7.9 3 15 22 0
43 GnuTLS 1.6 1.6.3 3 15 22 0
44 GnuTLS 1.5 1.5.5 3 15 23 0
45 GnuTLS 1.4 1.4.5 3 15 24 0
46 GnuTLS 1.3 1.3.5 3 15 24 0
47 GnuTLS 1.2 1.2.9 3 16 25 0
48 GnuTLS 1.1 1.1.23 3 16 24 0
49 GnuTLS 1.0 1.0.25 3 17 25 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 7.5
5.0 		HIGH
Network 		It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. CWE-824
 Access of Uninitialized Pointer 		CVE-2019-3836 cpe:2.3:a:gnu:gnutls:*:* 3.6.3 3.6.7 2024-11-21 13:42
2019-04-2 		Show GitHub Exploit DB Packet Storm
22 7.5
5.0 		HIGH
Network 		A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifi… CWE-415
CWE-416
 Double Free
 Use After Free 		CVE-2019-3829 cpe:2.3:a:gnu:gnutls:*:* 3.5.8 3.6.7 2024-11-21 13:42
2019-03-28 		Show GitHub Exploit DB Packet Storm
23 5.6
3.3 		MEDIUM
Physics 		A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same p… CWE-203
 Information Exposure Through Discrepancy 		CVE-2018-16868 cpe:2.3:a:gnu:gnutls:*:* 3.6.4 2024-11-21 12:53
2018-12-3 		Show GitHub Exploit DB Packet Storm
24 5.6
1.9 		MEDIUM
Local 		A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in… - CVE-2018-10846 cpe:2.3:a:gnu:gnutls:*:* 3.6.12 2024-11-21 12:42
2018-08-22 		Show GitHub Exploit DB Packet Storm
25 5.9
4.3 		MEDIUM
Network 		It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text reco… - CVE-2018-10845 cpe:2.3:a:gnu:gnutls:*:* 3.6.12 2024-11-21 12:42
2018-08-22 		Show GitHub Exploit DB Packet Storm
26 5.9
4.3 		MEDIUM
Network 		It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recov… - CVE-2018-10844 cpe:2.3:a:gnu:gnutls:*:* 3.6.12 2024-11-21 12:42
2018-08-22 		Show GitHub Exploit DB Packet Storm
27 7.5
5.0 		HIGH
Network 		The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. CWE-20
 Improper Input Validation  		CVE-2016-4456 cpe:2.3:a:gnu:gnutls:3.4.12:* 2024-11-21 11:52
2017-08-9 		Show GitHub Exploit DB Packet Storm
28 7.5
5.0 		HIGH
Network 		GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server appli… CWE-476
 NULL Pointer Dereference 		CVE-2017-7507 cpe:2.3:a:gnu:gnutls:*:* 3.5.12 2024-11-21 12:32
2017-06-17 		Show GitHub Exploit DB Packet Storm
29 7.5
5.0 		HIGH
Network 		GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a … CWE-787
 Out-of-bounds Write 		CVE-2017-7869 cpe:2.3:a:gnu:gnutls:*:* 3.5.9 2024-11-21 12:32
2017-04-14 		Show GitHub Exploit DB Packet Storm
30 9.8
7.5 		CRITICAL
Network 		Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2017-5337 cpe:2.3:a:gnu:gnutls:3.5.7:*
cpe:2.3:a:gnu:gnutls:3.5.6:*
cpe:2.3:a:gnu:gnutls:3.5.5:*
cpe:2.3:a:gnu:gnutls:3.… 		3.3.25 2024-11-21 12:27
2017-03-25 		Show GitHub Exploit DB Packet Storm