Nikos Mavrogiannopoulos

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 3.3.26 GnuTLS versions 3.5.x prior to 3.5.8 **Description** A double free vulnerability exists in the gnutls x509 ext import proxy function, allowing remote attackers to have an unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. **Recommendations** For GnuTLS versions prior to 3.3.26, update to version 3.3.26 or later. For GnuTLS versions 3.5.x prior to 3.5.8, update to version 3.5.8 or later.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 3.1.0 **Description** The issue allows remote attackers to conduct downgrade attacks because it does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate. **Recommendations** For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 3.3.13 **Description** The issue arises from the failure to validate that the signature algorithms match when importing a certificate. This could potentially lead to security issues, although specific details about the estimated number of affected devices or real-world incidents are not provided. **Recommendations** For versions prior to 3.3.13, update to version 3.3.13 or later to resolve the issue.