FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1cd0c17a-17c0-11ed-91a5-080027f5fec9gnutls -- double free vulnerability

The GnuTLS project reports:

When gnutls_pkcs7_verify cannot verify signature against given trust list, it starts creating a chain of certificates starting from identified signer up to known root. During the creation of this chain the signer certificate gets freed which results in double free when the same signer certificate is freed at the end of the algorithm.


Discovery 2022-07-07
Entry 2022-08-09
gnutls
ge 3.6.0 lt 3.7.7

CVE-2022-2509
https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
d887b3d9-7366-11ea-b81a-001cc0382b2fGnuTLS -- flaw in DTLS protocol implementation

The GnuTLS project reports:

It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol.


Discovery 2020-03-31
Entry 2020-03-31
gnutls
< 3.6.13

https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
CVE-2020-11501
2272e6f1-f029-11ea-838a-0011d823eebdGnuTLS -- null pointer dereference

The GnuTLS project reports:

It was found by oss-fuzz that the server sending a "no_renegotiation" alert in an unexpected timing, followed by an invalid second handshake can cause a TLS 1.3 client to crash via a null-pointer dereference. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.


Discovery 2020-09-04
Entry 2020-09-06
gnutls
< 3.6.15

https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
CVE-2020-24659
ef5b4f5f-a658-11ea-80d7-001cc0382b2fGnuTLS -- flaw in TLS session ticket key construction

The GnuTLS project reports:

It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.


Discovery 2020-06-03
Entry 2020-06-04
gnutls
< 3.6.14

https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
CVE-2020-13777