# extracted from ZTE advisory NS-SA-2023-0100. # The descriptive text and package checks in this plugin were Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. (CVE-2021-20232)Ī vulnerability found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. The crash happens in the application’s error handling path, where the gnutls_deinit function is called after detecting a handshake failure. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The remote NewStart CGSL host, running version MAIN 6.06, has gnutls packages installed that are affected by multiple vulnerabilities:Īn issue was discovered in GnuTLS before 3.6.15.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |