Software Detail

Software Informaton Top

Encryption

Software Detail

GnuTLS

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.gnutls.org/
Explanation	GnuTLS is an open source library for the SSL and TLS protocols. The Linux-based library aims to provide a backend for secure and safe communication.
Tag	LGPL 2.1+ オープンソース

Add Information URL

No	Type	Name	URL
1			https://www.gnutls.org/download.html
2			https://www.gnutls.org/security-new.html
3			https://gitlab.com/gnutls/gnutls
4			https://www.gnutls.org/index.html
5			https://gnutls.org/support.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium
31	GnuTLS 3.8	3.8.11	Nov. 20, 2025	March 20, 2024		0	3	0
32	GnuTLS 3.7	3.7.11	May 27, 2024	Dec. 2, 2020		2	4	1
33	GnuTLS 3.6	3.6.16	May 24, 2021	Aug. 21, 2017		2	9	5
34	GnuTLS 3.5	3.5.19	July 16, 2018	May 9, 2016		3	10	7
35	GnuTLS 3.4	3.4.17	Dec. 8, 2016	April 8, 2015		0	9	8
36	GnuTLS 3.3	3.3.30	July 16, 2018	April 10, 2014		3	11	10
37	GnuTLS 3.2	3.2.21	Dec. 11, 2014	May 10, 2013	Jan. 1, 1970	3	11	14
38	GnuTLS 3.2	3.2.9				3	11	14
39	GnuTLS 3.1	3.1.9				3	11	15
40	GnuTLS 3.0	3.0.9				3	12	18
41	GnuTLS 2.8	2.8.6				3	13	18
42	GnuTLS 2.7	2.7.6				3	13	20
43	GnuTLS 2.6	2.6.6				3	14	23
44	GnuTLS 2.5	2.5.0				3	14	23
45	GnuTLS 2.4	2.4.3				3	14	23
46	GnuTLS 2.3	2.3.9				3	16	24
47	GnuTLS 2.2	2.2.5				3	15	24
48	GnuTLS 2.12	2.12.9				3	12	18
49	GnuTLS 2.10	2.10.5				3	12	16
50	GnuTLS 2.1	2.1.8				3	15	26
51	GnuTLS 2.0	2.0.4				3	15	24
52	GnuTLS 1.7	1.7.9				3	15	22
53	GnuTLS 1.6	1.6.3				3	15	22
54	GnuTLS 1.5	1.5.5				3	15	23
55	GnuTLS 1.4	1.4.5				3	15	24
56	GnuTLS 1.3	1.3.5				3	15	24
57	GnuTLS 1.2	1.2.9				3	16	25
58	GnuTLS 1.1	1.1.23				3	16	24
59	GnuTLS 1.0	1.0.25				3	17	25

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
31	9.8 7.5	CRITICAL Network	Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted Op…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2017-5336	cpe:2.3:a:gnu:gnutls:3.5.7:* cpe:2.3:a:gnu:gnutls:3.5.6:* cpe:2.3:a:gnu:gnutls:3.5.5:* cpe:2.3:a:gnu:gnutls:3.…	3.3.25	2024-11-21 12:27 2017-03-25	Show	GitHub Exploit DB Packet Storm

32	7.5 5.0	HIGH Network	The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a craf…	CWE-125 Out-of-bounds Read	CVE-2017-5335	cpe:2.3:a:gnu:gnutls:3.5.7:* cpe:2.3:a:gnu:gnutls:3.5.6:* cpe:2.3:a:gnu:gnutls:3.5.5:* cpe:2.3:a:gnu:gnutls:3.…	3.3.25	2024-11-21 12:27 2017-03-25	Show	GitHub Exploit DB Packet Storm

33	9.8 7.5	CRITICAL Network	Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language in…	CWE-415 Double Free	CVE-2017-5334	cpe:2.3:a:gnu:gnutls:3.5.7:* cpe:2.3:a:gnu:gnutls:3.5.6:* cpe:2.3:a:gnu:gnutls:3.5.5:* cpe:2.3:a:gnu:gnutls:3.…	3.3.25	2024-11-21 12:27 2017-03-25	Show	GitHub Exploit DB Packet Storm

34	7.5 5.0	HIGH Network	The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-7444	cpe:2.3:a:gnu:gnutls:3.5.3:* cpe:2.3:a:gnu:gnutls:3.5.2:* cpe:2.3:a:gnu:gnutls:3.5.1:* cpe:2.3:a:gnu:gnutls:3.…	3.4.14	2024-11-21 11:58 2016-09-28	Show	GitHub Exploit DB Packet Storm

35	- 7.5	HIGH	Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution …	NVD-CWE-Other	CVE-2015-3308	cpe:2.3:a:gnu:gnutls::	3.3.13	2024-11-21 11:29 2015-09-2	Show	GitHub Exploit DB Packet Storm

36	- 5.0	MEDIUM	Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.	NVD-CWE-Other	CVE-2015-6251	cpe:2.3:a:gnu:gnutls:3.4.3:* cpe:2.3:a:gnu:gnutls:3.4.2:* cpe:2.3:a:gnu:gnutls:3.4.1:* cpe:2.3:a:gnu:gnutls:3.…		2024-11-21 11:34 2015-08-24	Show	GitHub Exploit DB Packet Storm

37	- 4.3	MEDIUM	GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate tha…	CWE-17 Code	CVE-2014-8155	cpe:2.3:a:gnu:gnutls::	2.9.9	2024-11-21 11:18 2015-08-15	Show	GitHub Exploit DB Packet Storm

38	- 5.0	MEDIUM	GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspeci…	CWE-310 Cryptographic Issues	CVE-2015-0282	cpe:2.3:a:gnu:gnutls::	3.0.9	2024-11-21 11:22 2015-03-25	Show	GitHub Exploit DB Packet Storm

39	- 5.0	MEDIUM	The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds…	CWE-310 Cryptographic Issues	CVE-2014-8564	cpe:2.3:a:gnu:gnutls:3.3.9:* cpe:2.3:a:gnu:gnutls:3.3.8:* cpe:2.3:a:gnu:gnutls:3.3.7:* cpe:2.3:a:gnu:gnutls:3.…		2024-11-21 11:19 2014-11-14	Show	GitHub Exploit DB Packet Storm

40	- 5.0	MEDIUM	The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cra…	NVD-CWE-Other	CVE-2014-3465	cpe:2.3:a:gnu:gnutls:3.2.9:* cpe:2.3:a:gnu:gnutls:3.2.8:* cpe:2.3:a:gnu:gnutls:3.2.8.1:* cpe:2.3:a:gnu:gnutls:…		2024-11-21 11:08 2014-06-10	Show	GitHub Exploit DB Packet Storm