Daiki Ueno

#20288 of 53,633
12.7 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2023-8678
5.9
2023-10-23
Gnutls · Gnutls · CVE-2023-5981
**Name of the Vulnerable Software and Affected Versions**
GnuTLS (affected versions not specified)

**Description**
A vulnerability was found in which response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times to ciphertexts with correct PKCS#1 v1.5 padding. This issue is associated with information disclosure through inconsistency. Exploitation of the vulnerability may allow a remote attacker to access confidential data.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-6619
6.8
2021-12-22
Gnutls · Gnutls · CVE-2021-4209
**Name of the Vulnerable Software and Affected Versions**
GnuTLS (affected versions not specified)

**Description**
A NULL pointer dereference flaw was found in GnuTLS, related to the implementation of the `wrap_nettle_hash_fast()` function in the cryptographic library. This flaw can cause undefined behavior when providing zero-length input to Nettle's hash update functions, which internally call `memcpy()`. The issue can lead to a denial of service after authentication in rare circumstances.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.