CVE-2014-1959

Published: 07/03/2014 Updated: 28/11/2016
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

lib/x509/verify.c in GnuTLS prior to 3.1.21 and 3.2.x prior to 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.

Vulnerable Product

gnu gnutls 3.1.12

gnu gnutls 3.1.13

gnu gnutls 3.1.14

gnu gnutls 3.1.6

gnu gnutls 3.1.7

gnu gnutls 3.1.15

gnu gnutls 3.1.16

gnu gnutls 3.1.8

gnu gnutls 3.1.9

gnu gnutls 3.1.10

gnu gnutls 3.1.11

gnu gnutls 3.1.4

gnu gnutls 3.1.5

gnu gnutls 3.1.18

gnu gnutls 3.1.17

gnu gnutls 3.1.0

gnu gnutls 3.1.1

gnu gnutls 3.1.2

gnu gnutls 3.1.3

gnu gnutls

gnu gnutls 3.1.19

gnu gnutls 3.2.7

gnu gnutls 3.2.3

gnu gnutls 3.2.4

gnu gnutls 3.2.8

gnu gnutls 3.2.8.1

gnu gnutls 3.2.5

gnu gnutls 3.2.6

gnu gnutls 3.2.0

gnu gnutls 3.2.1

gnu gnutls 3.2.2

gnu gnutls 3.2.9

Vendor Advisories

GnuTLS incorrectly validated certain intermediate certificates ...
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates ...