Software Detail

Software Informaton Top

Encryption

Software Detail

GnuTLS

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.gnutls.org/
Explanation	GnuTLS is an open source library for the SSL and TLS protocols. The Linux-based library aims to provide a backend for secure and safe communication.
Tag	LGPL 2.1+ オープンソース

Add Information URL

No	Type	Name	URL
1			https://www.gnutls.org/download.html
2			https://www.gnutls.org/security-new.html
3			https://gitlab.com/gnutls/gnutls
4			https://www.gnutls.org/index.html
5			https://gnutls.org/support.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium
61	GnuTLS 3.8	3.8.11	Nov. 20, 2025	March 20, 2024		0	3	0
62	GnuTLS 3.7	3.7.11	May 27, 2024	Dec. 2, 2020		2	4	1
63	GnuTLS 3.6	3.6.16	May 24, 2021	Aug. 21, 2017		2	9	5
64	GnuTLS 3.5	3.5.19	July 16, 2018	May 9, 2016		3	10	7
65	GnuTLS 3.4	3.4.17	Dec. 8, 2016	April 8, 2015		0	9	8
66	GnuTLS 3.3	3.3.30	July 16, 2018	April 10, 2014		3	11	10
67	GnuTLS 3.2	3.2.21	Dec. 11, 2014	May 10, 2013	Jan. 1, 1970	3	11	14
68	GnuTLS 3.2	3.2.9				3	11	14
69	GnuTLS 3.1	3.1.9				3	11	15
70	GnuTLS 3.0	3.0.9				3	12	18
71	GnuTLS 2.8	2.8.6				3	13	18
72	GnuTLS 2.7	2.7.6				3	13	20
73	GnuTLS 2.6	2.6.6				3	14	23
74	GnuTLS 2.5	2.5.0				3	14	23
75	GnuTLS 2.4	2.4.3				3	14	23
76	GnuTLS 2.3	2.3.9				3	16	24
77	GnuTLS 2.2	2.2.5				3	15	24
78	GnuTLS 2.12	2.12.9				3	12	18
79	GnuTLS 2.10	2.10.5				3	12	16
80	GnuTLS 2.1	2.1.8				3	15	26
81	GnuTLS 2.0	2.0.4				3	15	24
82	GnuTLS 1.7	1.7.9				3	15	22
83	GnuTLS 1.6	1.6.3				3	15	22
84	GnuTLS 1.5	1.5.5				3	15	23
85	GnuTLS 1.4	1.4.5				3	15	24
86	GnuTLS 1.3	1.3.5				3	15	24
87	GnuTLS 1.2	1.2.9				3	16	25
88	GnuTLS 1.1	1.1.23				3	16	24
89	GnuTLS 1.0	1.0.25				3	17	25

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
61	- 5.1	MEDIUM	The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, whi…	CWE-295 Improper Certificate Validation	CVE-2009-2409	cpe:2.3:a:gnu:gnutls::	2.7.0		2.6.4 2.7.4	2026-04-23 09:35 2009-07-31	Show	GitHub Exploit DB Packet Storm

62	- 5.0	MEDIUM	gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet va…	CWE-310 Cryptographic Issues	CVE-2009-1417	cpe:2.3:a:gnu:gnutls:2.6.4:* cpe:2.3:a:gnu:gnutls:2.6.3:* cpe:2.3:a:gnu:gnutls:2.6.2:* cpe:2.3:a:gnu:gnutls:2.…		2.6.5		2026-04-23 09:35 2009-05-1	Show	GitHub Exploit DB Packet Storm

63	- 7.5	HIGH	lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on cer…	CWE-310 Cryptographic Issues	CVE-2009-1416	cpe:2.3:a:gnu:gnutls:2.6.5:* cpe:2.3:a:gnu:gnutls:2.6.4:* cpe:2.3:a:gnu:gnutls:2.6.3:* cpe:2.3:a:gnu:gnutls:2.…				2026-04-23 09:35 2009-05-1	Show	GitHub Exploit DB Packet Storm

64	- 4.3	MEDIUM	lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly hav…	CWE-824 Access of Uninitialized Pointer	CVE-2009-1415	cpe:2.3:a:gnu:gnutls::			2.6.6	2026-04-23 09:35 2009-05-1	Show	GitHub Exploit DB Packet Storm

65	5.9 4.3	MEDIUM Network	The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed cert…	CWE-295 Improper Certificate Validation	CVE-2008-4989	cpe:2.3:a:gnu:gnutls::			2.6.1	2026-04-23 09:35 2008-11-13	Show	GitHub Exploit DB Packet Storm

66	- 7.6	HIGH	Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of ser…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2008-2377	cpe:2.3:a:gnu:gnutls:2.4.0:* cpe:2.3:a:gnu:gnutls:2.3.9:* cpe:2.3:a:gnu:gnutls:2.3.8:* cpe:2.3:a:gnu:gnutls:2.…				2026-04-23 09:35 2008-08-9	Show	GitHub Exploit DB Packet Storm

67	- 10.0	HIGH	The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hel…	CWE-189 Numeric Errors	CVE-2008-1948	cpe:2.3:a:gnu:gnutls:2.3.9:* cpe:2.3:a:gnu:gnutls:2.3.8:* cpe:2.3:a:gnu:gnutls:2.3.7:* cpe:2.3:a:gnu:gnutls:2.…				2026-04-23 09:35 2008-05-21	Show	GitHub Exploit DB Packet Storm

68	- 9.3	HIGH	The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already…	CWE-287 Improper Authentication	CVE-2008-1949	cpe:2.3:a:gnu:gnutls:2.3.9:* cpe:2.3:a:gnu:gnutls:2.3.8:* cpe:2.3:a:gnu:gnutls:2.3.7:* cpe:2.3:a:gnu:gnutls:2.…				2026-04-23 09:35 2008-05-21	Show	GitHub Exploit DB Packet Storm

69	- 5.0	MEDIUM	Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-rea…	CWE-189 Numeric Errors	CVE-2008-1950	cpe:2.3:a:gnu:gnutls:2.3.9:* cpe:2.3:a:gnu:gnutls:2.3.8:* cpe:2.3:a:gnu:gnutls:2.3.7:* cpe:2.3:a:gnu:gnutls:2.…				2026-04-23 09:35 2008-05-21	Show	GitHub Exploit DB Packet Storm

70	- 5.0	MEDIUM	verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attack…	NVD-CWE-Other	CVE-2006-4790	cpe:2.3:a:gnu:gnutls:1.4.1:* cpe:2.3:a:gnu:gnutls:1.4.0:* cpe:2.3:a:gnu:gnutls:1.3.5:* cpe:2.3:a:gnu:gnutls:1.…				2017-10-11 10:31 2006-09-15	Show	GitHub Exploit DB Packet Storm