GCVE - cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*

part: a version: 2.12.0 update: *

Vendor	Gnu (`575dd98a-a14a-5d9e-a2eb-97d38d86fcb9`)
Product	Gnutls (`955d43fd-13b7-57ed-9845-207af9eef570`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/gnutls/gnutls`	purl2cpe	2026-06-01 10:11:56.106955
`pkg:gitlab/gnutls/gnutls`	purl2cpe	2026-06-01 10:11:56.106956
`pkg:gnu/gnutls`	purl2cpe	2026-06-01 10:11:56.106958
`pkg:rpm/fedora/gnutls`	purl2cpe	2026-06-01 10:11:56.106959
`pkg:rpm/opensuse/gnutls`	purl2cpe	2026-06-01 10:11:56.106960

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-1619`	vulnerable	2026-06-03 14:32:50.385272	Details available The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. Published: 2013-02-08T19:00:00.000Z Updated: 2024-08-06T15:04:49.607Z Open on db.gcve.eu Reference links http://secunia.com/advisories/57260 https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0 http://www.gnutls.org/security.html#GNUTLS-SA-2013-1 http://www.isg.rhul.ac.uk/tls/TLStiming.pdf http://secunia.com/advisories/57274	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1663`	vulnerable	2026-06-03 14:31:43.931391	Details available Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. Published: 2012-03-13T22:00:00.000Z Updated: 2024-08-06T19:01:02.915Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/74099 http://www.exploit-db.com/exploits/24865 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1573`	vulnerable	2026-06-03 14:31:43.334450	Details available gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. Published: 2012-03-26T19:00:00.000Z Updated: 2024-08-06T19:01:01.946Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-1418-1 http://secunia.com/advisories/57260 http://rhn.redhat.com/errata/RHSA-2012-0531.html http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912 http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1569`	vulnerable	2026-06-03 14:31:43.292686	Details available The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. Published: 2012-03-26T19:00:00.000Z Updated: 2024-08-06T19:01:02.196Z Open on db.gcve.eu Reference links http://secunia.com/advisories/57260 http://rhn.redhat.com/errata/RHSA-2012-0427.html http://secunia.com/advisories/48578 http://rhn.redhat.com/errata/RHSA-2012-0531.html http://secunia.com/advisories/49002	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0390`	vulnerable	2026-06-03 14:31:36.709748	Details available The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. Published: 2012-01-06T01:00:00.000Z Updated: 2024-08-06T18:23:31.227Z Open on db.gcve.eu Reference links http://secunia.com/advisories/57260 http://www.isg.rhul.ac.uk/~kp/dtls.pdf http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4128`	vulnerable	2026-06-03 14:31:23.253744	Details available Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. Published: 2011-12-08T20:00:00.000Z Updated: 2024-08-07T00:01:51.259Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-1418-1 http://rhn.redhat.com/errata/RHSA-2012-0531.html http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450 http://openwall.com/lists/oss-security/2011/11/09/2 http://secunia.com/advisories/48712	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.