Software Detail
GnuTLS
Number of NVD: 72 (CRITICAL 7, HIGH 29, MEDIUM 36, LOW 0)
URL: https://www.gnutls.org/
Explanation: GnuTLS is an open source library for the SSL and TLS protocols. The Linux-based library aims to provide a backend for secure and safe communication.
Tag
  • LGPL 2.1+
  • Open source

Add Information URL
No Type Name URL
1 https://www.gnutls.org/download.html
2 https://www.gnutls.org/security-new.html
3 https://gitlab.com/gnutls/gnutls
4 https://www.gnutls.org/index.html
5 https://gnutls.org/support.html

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
41 GnuTLS 3.8 3.8.11 Nov. 20, 2025 March 20, 2024 0 3 0 0
42 GnuTLS 3.7 3.7.11 May 27, 2024 Dec. 2, 2020 2 4 1 0
43 GnuTLS 3.6 3.6.16 May 24, 2021 Aug. 21, 2017 2 9 5 0
44 GnuTLS 3.5 3.5.19 July 16, 2018 May 9, 2016 3 10 7 0
45 GnuTLS 3.4 3.4.17 Dec. 8, 2016 April 8, 2015 0 9 8 0
46 GnuTLS 3.3 3.3.30 July 16, 2018 April 10, 2014 3 11 10 0
47 GnuTLS 3.2 3.2.21 Dec. 11, 2014 May 10, 2013 Jan. 1, 1970 3 11 14 0
48 GnuTLS 3.2 3.2.9 3 11 14 0
49 GnuTLS 3.1 3.1.9 3 11 15 0
50 GnuTLS 3.0 3.0.9 3 12 18 0
51 GnuTLS 2.8 2.8.6 3 13 18 0
52 GnuTLS 2.7 2.7.6 3 13 20 0
53 GnuTLS 2.6 2.6.6 3 14 23 0
54 GnuTLS 2.5 2.5.0 3 14 23 0
55 GnuTLS 2.4 2.4.3 3 14 23 0
56 GnuTLS 2.3 2.3.9 3 16 24 0
57 GnuTLS 2.2 2.2.5 3 15 24 0
58 GnuTLS 2.12 2.12.9 3 12 18 0
59 GnuTLS 2.10 2.10.5 3 12 16 0
60 GnuTLS 2.1 2.1.8 3 15 26 0
61 GnuTLS 2.0 2.0.4 3 15 24 0
62 GnuTLS 1.7 1.7.9 3 15 22 0
63 GnuTLS 1.6 1.6.3 3 15 22 0
64 GnuTLS 1.5 1.5.5 3 15 23 0
65 GnuTLS 1.4 1.4.5 3 15 24 0
66 GnuTLS 1.3 1.3.5 3 15 24 0
67 GnuTLS 1.2 1.2.9 3 16 25 0
68 GnuTLS 1.1 1.1.23 3 16 24 0
69 GnuTLS 1.0 1.0.25 3 17 25 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
41 -
5.0
MEDIUM The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NU… CWE-476
 NULL Pointer Dereference
CVE-2014-3469 cpe:2.3:a:gnu:gnutls:*:* 3.5.7 2024-11-21 11:08
2014-06-6
42 -
7.5
HIGH The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds ac… CWE-131
Incorrect Calculation of Buffer Size
CVE-2014-3468 cpe:2.3:a:gnu:gnutls:*:* 3.5.7 2024-11-21 11:08
2014-06-6
43 -
5.0
MEDIUM Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. NVD-CWE-noinfo
CVE-2014-3467 cpe:2.3:a:gnu:gnutls:*:* 3.5.7 2024-11-21 11:08
2014-06-6
44 -
6.8
MEDIUM Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (me… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2014-3466 cpe:2.3:a:gnu:gnutls:3.3.3:*
cpe:2.3:a:gnu:gnutls:3.3.2:*
cpe:2.3:a:gnu:gnutls:3.3.1:*
cpe:2.3:a:gnu:gnutls:3.…
3.1.24 2024-11-21 11:08
2014-06-3
45 -
5.8
MEDIUM lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging … CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-1959 cpe:2.3:a:gnu:gnutls:3.2.9:*
cpe:2.3:a:gnu:gnutls:3.2.8:*
cpe:2.3:a:gnu:gnutls:3.2.8.1:*
cpe:2.3:a:gnu:gnutls:…

3.1.20
3.2.10


2024-11-21 11:05
2014-03-7
46 -
5.8
MEDIUM lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attack… CWE-310
Cryptographic Issues
CVE-2014-0092 cpe:2.3:a:gnu:gnutls:3.2.9:*
cpe:2.3:a:gnu:gnutls:3.2.8:*
cpe:2.3:a:gnu:gnutls:3.2.8.1:*
cpe:2.3:a:gnu:gnutls:…

3.2.11
3.1.21


2024-11-21 11:01
2014-03-7
47 -
5.8
MEDIUM GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restric… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-5138 cpe:2.3:a:gnu:gnutls:2.7.4:*
cpe:2.3:a:gnu:gnutls:2.7.3:*
cpe:2.3:a:gnu:gnutls:2.7.2:*
cpe:2.3:a:gnu:gnutls:2.…
2.7.5 2024-11-21 10:11
2014-03-7
48 -
5.0
MEDIUM Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a r… CWE-189
Numeric Errors
CVE-2013-4487 cpe:2.3:a:gnu:gnutls:3.2.5:*
cpe:2.3:a:gnu:gnutls:3.2.4:*
cpe:2.3:a:gnu:gnutls:3.2.3:*
cpe:2.3:a:gnu:gnutls:3.…
2024-11-21 10:55
2013-11-20
49 -
5.0
MEDIUM Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruptio… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2013-4466 cpe:2.3:a:gnu:gnutls:3.2.4:*
cpe:2.3:a:gnu:gnutls:3.2.3:*
cpe:2.3:a:gnu:gnutls:3.2.2:*
cpe:2.3:a:gnu:gnutls:3.…
2024-11-21 10:55
2013-11-20
50 -
5.0
MEDIUM The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NO… CWE-20
 Improper Input Validation 
CVE-2013-2116 cpe:2.3:a:gnu:gnutls:2.12.23:* 2024-11-21 10:51
2013-07-4