Suggestions search

Untriaged

Filter by:

With package: gnutls

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-42011

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 hours ago Activity log

Created suggestion 2 hours ago

Gnutls: gnutls: security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

References

https://access.redhat.com/security/cve/CVE-2026-42011 vdb-entryx_refsource_REDHAT
RHBZ#2467437 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.12
- nixpkgs-unstable 3.8.12
- nixos-unstable-small 3.8.12
nixos-25.11 3.8.12
- nixos-25.11-small 3.8.12
- nixpkgs-25.11-darwin 3.8.12

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1
nixos-25.11 5.0.1
- nixos-25.11-small 5.0.1
- nixpkgs-25.11-darwin 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-25.11 python3-gnutls-3.1.10
- nixos-25.11-small python3-gnutls-3.1.10
- nixpkgs-25.11-darwin python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
nixos-25.11 python3-gnutls-3.1.10
- nixos-25.11-small python3-gnutls-3.1.10
- nixpkgs-25.11-darwin python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2026-42010

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 hours ago Activity log

Created suggestion 3 hours ago

Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

References

https://access.redhat.com/security/cve/CVE-2026-42010 vdb-entryx_refsource_REDHAT
RHBZ#2467289 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.12
- nixpkgs-unstable 3.8.12
- nixos-unstable-small 3.8.12
nixos-25.11 3.8.12
- nixos-25.11-small 3.8.12
- nixpkgs-25.11-darwin 3.8.12

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1
nixos-25.11 5.0.1
- nixos-25.11-small 5.0.1
- nixpkgs-25.11-darwin 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-25.11 python3-gnutls-3.1.10
- nixos-25.11-small python3-gnutls-3.1.10
- nixpkgs-25.11-darwin python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10
nixos-25.11 python3-gnutls-3.1.10
- nixos-25.11-small python3-gnutls-3.1.10
- nixpkgs-25.11-darwin python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2025-6395

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): HIGH

updated 6 days, 17 hours ago by @LeSuisse Activity log

Created suggestion 7 months, 2 weeks ago
@LeSuisse ignored
3 packages
- guile-gnutls
- python312Packages.python3-gnutls
- python313Packages.python3-gnutls
6 days, 17 hours ago
@LeSuisse ignored
9 references
6 days, 17 hours ago

Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.