Vulnerability Details: CVE-2012-1569

Summary
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 26 Mar, 2012 | 19:00
Updated At: 06 Aug, 2024 | 19:01
Rejected At:

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 26 Mar, 2012 | 19:00
Updated At: 06 Aug, 2024 | 19:01
Rejected At:
CVE Numbering Authority (CNA)

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://secunia.com/advisories/57260
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0427.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/48578
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0531.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/49002
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/8
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/21/5
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/48488
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-1436-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.gnu.org/software/gnutls/security.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=804920
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0488.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securitytracker.com/id?1026829
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-0596.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/48596
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/50739
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48397
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48505
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
Resource:
x_refsource_MISC
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.debian.org/security/2012/dsa-2440
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
Resource:
vendor-advisory
x_refsource_FEDORA
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://secunia.com/advisories/57260
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0427.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/48578
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0531.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/49002
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/8
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/21/5
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/48488
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1436-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.gnu.org/software/gnutls/security.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=804920
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0488.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026829
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-0596.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/48596
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/50739
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48397
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48505
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2440
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: secalert@redhat.com
Published At: 26 Mar, 2012 | 19:55
Updated At: 29 Apr, 2026 | 01:13

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

GNU
gnu
>>gnutls>>Versions up to 3.0.15(inclusive)
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.16
cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.17
cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.18
cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.19
cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.20
cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.21
cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.22
cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.23
cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.24
cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.0.25
cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.13
cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.14
cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.15
cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.16
cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.17
cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.18
cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.19
cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.20
cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.21
cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.22
cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.1.23
cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.0
cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.1
cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.2
cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.3
cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.4
cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.5
cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.6
cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.7
cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.8
cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.8.1a1
cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.9
cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.10
cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.2.11
cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.3.0
cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.3.1
cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.3.2
cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.3.3
cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.3.4
cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.3.5
cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.4.0
cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.4.1
cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.4.2
cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.4.3
cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.4.4
cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.4.5
cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.5.0
cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.5.1
cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>1.5.2
cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-0596.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0427.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0488.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0531.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48397
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48488
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48505
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48578
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48596
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/49002
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/50739
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57260
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2440
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gnu.org/software/gnutls/security.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/8
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/21/5
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026829
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1436-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=804920
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://linux.oracle.com/errata/ELSA-2014-0596.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0427.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0488.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0531.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48397
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48488
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48505
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48578
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48596
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/49002
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/50739
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57260
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2440
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gnu.org/software/gnutls/security.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/20/8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/03/21/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026829
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1436-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=804920
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

131 Records found

CVE-2020-29573
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.51%
||
7 Day CHG~0.00%
Published-05 Dec, 2020 | 23:18
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Action-Not Available
Vendor-n/a; Red Hat, Inc.; NetApp, Inc.; GNU
Product-glibc; enterprise_linux; solidfire_baseboard_management_controller; cloud_backup; n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-4466
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.98% / 78.09%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

Action-Not Available
Vendor-n/a; GNU
Product-gnutls; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4458
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.15% / 89.63%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Action-Not Available
Vendor-n/a; SUSE; GNU
Product-linux_enterprise_server; glibc; linux_enterprise_debuginfo; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4487
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.92% / 77.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

Action-Not Available
Vendor-n/a; openSUSE; GNU
Product-gnutls; opensuse; n/a
CVE-2013-4412
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.93% / 85.41%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:44
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Action-Not Available
Vendor-berlios; slim; Debian GNU/Linux; GNU
Product-glibc; slim; debian_linux; slim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-2116
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.76% / 88.58%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

Action-Not Available
Vendor-n/a; GNU
Product-gnutls; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1914
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.11% / 89.54%
||
7 Day CHG~0.00%
Published-29 Apr, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0242
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.85% / 85.00%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6656
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.44% / 87.52%
||
7 Day CHG~0.00%
Published-05 Dec, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

Action-Not Available
Vendor-n/a; Canonical Ltd.; GNU; Debian GNU/Linux
Product-glibc; debian_linux; ubuntu_linux; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3509
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.60% / 88.06%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/a; Canonical Ltd.; GNU; Debian GNU/Linux
Product-binutils; debian_linux; ubuntu_linux; libiberty; n/a
CVE-2012-3404
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.23% / 80.56%
||
7 Day CHG~0.00%
Published-10 Feb, 2014 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

Action-Not Available
Vendor-n/a; Canonical Ltd.; Red Hat, Inc.; GNU
Product-glibc; ubuntu_linux; enterprise_virtualization; enterprise_linux; n/a
CVE-2012-1573
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.20% / 89.74%
||
7 Day CHG~0.00%
Published-26 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Action-Not Available
Vendor-n/a; GNU
Product-gnutls; n/a
CVE-2019-9778
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.55%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

Action-Not Available
Vendor-n/a; GNU; openSUSE
Product-libredwg; backports_sle; leap; n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1659
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.86% / 85.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CVE-2022-33024
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.11%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

Action-Not Available
Vendor-n/a; GNU
Product-libredwg; n/a
CWE ID-CWE-617
Reachable Assertion
CVE-2006-0052
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-2.64% / 83.70%
||
7 Day CHG~0.00%
Published-31 Mar, 2006 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

Action-Not Available
Vendor-n/a; GNU
Product-mailman; n/a
CVE-2010-4052
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-51.30% / 98.80%
||
7 Day CHG~0.00%
Published-13 Jan, 2011 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CVE-2010-4051
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-40.00% / 98.45%
||
7 Day CHG~0.00%
Published-13 Jan, 2011 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CVE-2019-20909
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.62% / 73.13%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:46
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

Action-Not Available
Vendor-n/a; GNU
Product-libredwg; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-4881
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.02% / 78.64%
||
7 Day CHG~0.00%
Published-01 Jun, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CVE-2009-4880
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.22% / 95.43%
||
7 Day CHG~0.00%
Published-01 Jun, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CVE-2009-5155
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.91% / 89.01%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 02:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

Action-Not Available
Vendor-n/a; NetApp, Inc.; GNU
Product-glibc; ontap_select_deploy_administration_utility; cloud_backup; steelstore_cloud_integrated_storage; n/a
CWE ID-CWE-19
Not Available
CVE-2004-1702
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.41% / 82.07%
||
7 Day CHG~0.00%
Published-21 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).

Action-Not Available
Vendor-n/a; GNU
Product-cfengine; n/a
CVE-2004-0849
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.57% / 72.44%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.

Action-Not Available
Vendor-n/a; GNU
Product-radius; n/a
CVE-2017-15267
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.61% / 83.54%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

Action-Not Available
Vendor-n/a; GNU
Product-libextractor; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2003-0795
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.23% / 94.20%
||
7 Day CHG~0.00%
Published-18 Nov, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Action-Not Available
Vendor-quagga; n/a; GNU; Silicon Graphics, Inc.
Product-quagga; zebra; propack; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0182
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.34% / 67.96%
||
7 Day CHG~0.00%
Published-17 Apr, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.

Action-Not Available
Vendor-n/a; GNU
Product-mailman; n/a
CVE-2004-0131
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.54% / 87.87%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.

Action-Not Available
Vendor-n/a; GNU
Product-radius; n/a
CVE-2002-1146
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.28% / 86.92%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Action-Not Available
Vendor-n/a; GNU
Product-glibc; n/a
CVE-2018-6951
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.58% / 94.42%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Action-Not Available
Vendor-n/a; Canonical Ltd.; GNU
Product-patch; ubuntu_linux; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-12961
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 66.07%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

Action-Not Available
Vendor-n/a; GNU
Product-pspp; n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-9771
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.55%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

Action-Not Available
Vendor-n/a; GNU; openSUSE
Product-libredwg; backports_sle; leap; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6003
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.83% / 84.87%
||
7 Day CHG-0.02%
Published-22 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Action-Not Available
Vendor-n/a; Debian GNU/Linux; GNU; Fedora Project
Product-debian_linux; libtasn1; fedora; n/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2006-2941
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.45% / 82.39%
||
7 Day CHG~0.00%
Published-06 Sep, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".

Action-Not Available
Vendor-n/a; GNU
Product-mailman; n/a
CVE-2018-20657
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.04% / 89.37%
||
7 Day CHG+0.03%
Published-02 Jan, 2019 | 14:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Action-Not Available
Vendor-n/a; F5, Inc.; GNU
Product-traffix_signaling_delivery_controller; binutils; n/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-20796
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.80% / 92.22%
||
7 Day CHG~0.00%
Published-26 Feb, 2019 | 02:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Action-Not Available
Vendor-n/a; NetApp, Inc.; GNU
Product-glibc; ontap_select_deploy_administration_utility; cloud_backup; steelstore_cloud_integrated_storage; n/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2005-3573
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.71% / 84.20%
||
7 Day CHG~0.00%
Published-16 Nov, 2005 | 07:37
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

Action-Not Available
Vendor-n/a; GNU
Product-mailman; n/a
CVE-2018-19591
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.53% / 91.86%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 16:00
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

Action-Not Available
Vendor-n/a; Fedora Project; GNU
Product-glibc; fedora; n/a
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-20
Improper Input Validation
CVE-2005-1431
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.93% / 77.56%
||
7 Day CHG~0.00%
Published-03 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

Action-Not Available
Vendor-n/a; GNU
Product-gnutls; n/a
CVE-2005-1522
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.96%
||
7 Day CHG~0.00%
Published-26 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.

Action-Not Available
Vendor-n/aGNU
Product-mailutilsn/a
CVE-2004-2460
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.63% / 73.39%
7 Day CHG~0.00%
Published-20 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.

Action-Not Available
Vendor-n/aGNU
Product-gnubiffn/a
CVE-2015-6251
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-19.03% / 96.96%
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-debian_linuxgnutlsn/a
CVE-2018-12697
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.23% / 91.51%
7 Day CHG~0.00%
Published-23 Jun, 2018 | 22:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

Action-Not Available
Vendor-n/aCanonical Ltd.GNU
Product-ubuntu_linuxbinutilsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-1186
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.98% / 89.22%
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).

Action-Not Available
Vendor-n/aGNU
Product-enscriptn/a
CVE-2018-6952
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.41% / 94.31%
7 Day CHG~0.00%
Published-13 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Action-Not Available
Vendor-n/aGNU
Product-patchn/a
CWE ID-CWE-415
Double Free
CVE-2004-0576
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.57% / 72.44%
7 Day CHG~0.00%
Published-30 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.

Action-Not Available
Vendor-n/aGNU
Product-radiusn/a
CVE-2018-12698
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.69% / 93.10%
7 Day CHG~0.00%
Published-23 Jun, 2018 | 22:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

Action-Not Available
Vendor-n/aCanonical Ltd.GNU
Product-ubuntu_linuxbinutilsn/a
CVE-2018-12934
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.25% / 86.81%
7 Day CHG~0.00%
Published-28 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2003-0853
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.44% / 95.19%
7 Day CHG~0.00%
Published-25 Oct, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

Action-Not Available
Vendor-washington_universityn/aGNU
Product-wu-ftpdfileutilsn/a
CVE-2021-38604
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.04% / 85.92%
7 Day CHG~0.00%
Published-12 Aug, 2021 | 15:43
Updated-30 May, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGNU
Product-communications_cloud_native_core_security_edge_protection_proxyenterprise_operations_monitorfedoracommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_network_function_cloud_native_environmentglibccommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryn/a
CWE ID-CWE-476
NULL Pointer Dereference