RSS   Podatności dla 'Gnutls'   RSS

2020-04-03
 
CVE-2020-11501

CWE-327
 

 
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

 
2017-08-08
 
CVE-2016-4456

 

 
The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

 


Copyright 2024, cxsecurity.com

 

Back to Top