Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
GnuTLS Number Of NVD 72 CRITICAL 7 HIGH 29 MEDIUM 36 LOW 0
URL https://www.gnutls.org/
Explanation GnuTLS is an open source library for the SSL and TLS protocols.
The Linux-based library aims to provide a backend for secure and safe communication.
Tag
  • LGPL 2.1+
  • オープンソース

Add Information URL
No Type Name URL
1 https://www.gnutls.org/download.html
2 https://www.gnutls.org/security-new.html
3 https://gitlab.com/gnutls/gnutls
4 https://www.gnutls.org/index.html
5 https://gnutls.org/support.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
51 GnuTLS 3.8 3.8.11 Nov. 20, 2025 March 20, 2024 0 3 0 0
52 GnuTLS 3.7 3.7.11 May 27, 2024 Dec. 2, 2020 2 4 1 0
53 GnuTLS 3.6 3.6.16 May 24, 2021 Aug. 21, 2017 2 9 5 0
54 GnuTLS 3.5 3.5.19 July 16, 2018 May 9, 2016 3 10 7 0
55 GnuTLS 3.4 3.4.17 Dec. 8, 2016 April 8, 2015 0 9 8 0
56 GnuTLS 3.3 3.3.30 July 16, 2018 April 10, 2014 3 11 10 0
57 GnuTLS 3.2 3.2.21 Dec. 11, 2014 May 10, 2013 Jan. 1, 1970 3 11 14 0
58 GnuTLS 3.2 3.2.9 3 11 14 0
59 GnuTLS 3.1 3.1.9 3 11 15 0
60 GnuTLS 3.0 3.0.9 3 12 18 0
61 GnuTLS 2.8 2.8.6 3 13 18 0
62 GnuTLS 2.7 2.7.6 3 13 20 0
63 GnuTLS 2.6 2.6.6 3 14 23 0
64 GnuTLS 2.5 2.5.0 3 14 23 0
65 GnuTLS 2.4 2.4.3 3 14 23 0
66 GnuTLS 2.3 2.3.9 3 16 24 0
67 GnuTLS 2.2 2.2.5 3 15 24 0
68 GnuTLS 2.12 2.12.9 3 12 18 0
69 GnuTLS 2.10 2.10.5 3 12 16 0
70 GnuTLS 2.1 2.1.8 3 15 26 0
71 GnuTLS 2.0 2.0.4 3 15 24 0
72 GnuTLS 1.7 1.7.9 3 15 22 0
73 GnuTLS 1.6 1.6.3 3 15 22 0
74 GnuTLS 1.5 1.5.5 3 15 23 0
75 GnuTLS 1.4 1.4.5 3 15 24 0
76 GnuTLS 1.3 1.3.5 3 15 24 0
77 GnuTLS 1.2 1.2.9 3 16 25 0
78 GnuTLS 1.1 1.1.23 3 16 24 0
79 GnuTLS 1.0 1.0.25 3 17 25 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
51 -
4.0
MEDIUM The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the pr… CWE-310
Cryptographic Issues
CVE-2013-1619 cpe:2.3:a:gnu:gnutls:3.1.6:*
cpe:2.3:a:gnu:gnutls:3.1.5:*
cpe:2.3:a:gnu:gnutls:3.1.4:*
cpe:2.3:a:gnu:gnutls:3.…
2024-11-21 10:50
2013-02-9
Show GitHub Exploit DB Packet Storm
52 -
5.0
MEDIUM gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (he… CWE-310
Cryptographic Issues
CVE-2012-1573 cpe:2.3:a:gnu:gnutls:3.0:*
cpe:2.3:a:gnu:gnutls:3.0.9:*
cpe:2.3:a:gnu:gnutls:3.0.8:*
cpe:2.3:a:gnu:gnutls:3.0.…
2.12.16 2024-11-21 10:37
2012-03-27
Show GitHub Exploit DB Packet Storm
53 -
5.0
MEDIUM The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remo… CWE-189
Numeric Errors
CVE-2012-1569 cpe:2.3:a:gnu:gnutls:3.0:*
cpe:2.3:a:gnu:gnutls:3.0.9:*
cpe:2.3:a:gnu:gnutls:3.0.8:*
cpe:2.3:a:gnu:gnutls:3.0.…
3.0.15 2024-11-21 10:37
2012-03-27
Show GitHub Exploit DB Packet Storm
54 -
7.5
HIGH Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certifi… CWE-399
 Resource Management Errors
CVE-2012-1663 cpe:2.3:a:gnu:gnutls:3.0:*
cpe:2.3:a:gnu:gnutls:3.0.9:*
cpe:2.3:a:gnu:gnutls:3.0.8:*
cpe:2.3:a:gnu:gnutls:3.0.…
3.0.13 2024-11-21 10:37
2012-03-14
Show GitHub Exploit DB Packet Storm
55 -
4.3
MEDIUM The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it eas… CWE-310
Cryptographic Issues
CVE-2012-0390 cpe:2.3:a:gnu:gnutls:3.0.9:*
cpe:2.3:a:gnu:gnutls:3.0.8:*
cpe:2.3:a:gnu:gnutls:3.0.7:*
cpe:2.3:a:gnu:gnutls:3.…
3.0.10 2024-11-21 10:34
2012-01-6
Show GitHub Exploit DB Packet Storm
56 -
4.3
MEDIUM Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumptio… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2011-4128 cpe:2.3:a:gnu:gnutls:3.0.6:*
cpe:2.3:a:gnu:gnutls:3.0.5:*
cpe:2.3:a:gnu:gnutls:3.0.4:*
cpe:2.3:a:gnu:gnutls:3.…
2024-11-21 10:31
2011-12-9
Show GitHub Exploit DB Packet Storm
57 -
5.0
MEDIUM The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a … CWE-310
Cryptographic Issues
CVE-2006-7239 cpe:2.3:a:gnu:gnutls:1.4.0:*
cpe:2.3:a:gnu:gnutls:1.3.5:*
cpe:2.3:a:gnu:gnutls:1.3.4:*
cpe:2.3:a:gnu:gnutls:1.…
1.4.1 2023-02-13 11:17
2010-05-25
Show GitHub Exploit DB Packet Storm
58 -
7.5
HIGH The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2010-0731 cpe:2.3:a:gnu:gnutls:1.1.23:*
cpe:2.3:a:gnu:gnutls:1.1.22:*
cpe:2.3:a:gnu:gnutls:1.1.21:*
cpe:2.3:a:gnu:gnutls…
1.2.0 2017-09-19 10:30
2010-03-27
Show GitHub Exploit DB Packet Storm
59 -
5.8
MEDIUM The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9… CWE-295
Improper Certificate Validation 
CVE-2009-3555 cpe:2.3:a:gnu:gnutls:*:* 2.8.5 2026-04-23 09:35
2009-11-10
Show GitHub Exploit DB Packet Storm
60 -
7.5
HIGH libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, … CWE-310
Cryptographic Issues
CVE-2009-2730 cpe:2.3:a:gnu:gnutls:2.8.0:*
cpe:2.3:a:gnu:gnutls:2.6.6:*
cpe:2.3:a:gnu:gnutls:2.6.5:*
cpe:2.3:a:gnu:gnutls:2.…
2.8.1 2026-04-23 09:35
2009-08-12
Show GitHub Exploit DB Packet Storm