• info
• discussion
• exploit
• solution
• references

GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities

GnuTLS is prone to multiple remote vulnerabilities:

- A remote code-execution vulnerability
- A denial-of-service vulnerability
- A signature-generation vulnerability
- A signature-verification vulnerability

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.

Versions prior to GnuTLS 2.6.6 are vulnerable.