7.5

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Data is provided by the National Vulnerability Database (NVD)
GnuGnutls Version <= 2.8.1
GnuGnutls Version1.0.16
GnuGnutls Version1.0.17
GnuGnutls Version1.0.18
GnuGnutls Version1.0.19
GnuGnutls Version1.0.20
GnuGnutls Version1.0.21
GnuGnutls Version1.0.22
GnuGnutls Version1.0.23
GnuGnutls Version1.0.24
GnuGnutls Version1.0.25
GnuGnutls Version1.1.13
GnuGnutls Version1.1.14
GnuGnutls Version1.1.15
GnuGnutls Version1.1.16
GnuGnutls Version1.1.17
GnuGnutls Version1.1.18
GnuGnutls Version1.1.19
GnuGnutls Version1.1.20
GnuGnutls Version1.1.21
GnuGnutls Version1.1.22
GnuGnutls Version1.1.23
GnuGnutls Version1.2.0
GnuGnutls Version1.2.1
GnuGnutls Version1.2.2
GnuGnutls Version1.2.3
GnuGnutls Version1.2.4
GnuGnutls Version1.2.5
GnuGnutls Version1.2.6
GnuGnutls Version1.2.7
GnuGnutls Version1.2.8
GnuGnutls Version1.2.8.1a1
GnuGnutls Version1.2.9
GnuGnutls Version1.2.10
GnuGnutls Version1.2.11
GnuGnutls Version1.3.0
GnuGnutls Version1.3.1
GnuGnutls Version1.3.2
GnuGnutls Version1.3.3
GnuGnutls Version1.3.4
GnuGnutls Version1.3.5
GnuGnutls Version1.4.0
GnuGnutls Version1.4.1
GnuGnutls Version1.4.2
GnuGnutls Version1.4.3
GnuGnutls Version1.4.4
GnuGnutls Version1.4.5
GnuGnutls Version1.5.0
GnuGnutls Version1.5.1
GnuGnutls Version1.5.2
GnuGnutls Version1.5.3
GnuGnutls Version1.5.4
GnuGnutls Version1.5.5
GnuGnutls Version1.6.0
GnuGnutls Version1.6.1
GnuGnutls Version1.6.2
GnuGnutls Version1.6.3
GnuGnutls Version1.7.0
GnuGnutls Version1.7.1
GnuGnutls Version1.7.2
GnuGnutls Version1.7.3
GnuGnutls Version1.7.4
GnuGnutls Version1.7.5
GnuGnutls Version1.7.6
GnuGnutls Version1.7.7
GnuGnutls Version1.7.8
GnuGnutls Version1.7.9
GnuGnutls Version1.7.10
GnuGnutls Version1.7.11
GnuGnutls Version1.7.12
GnuGnutls Version1.7.13
GnuGnutls Version1.7.14
GnuGnutls Version1.7.15
GnuGnutls Version1.7.16
GnuGnutls Version1.7.17
GnuGnutls Version1.7.18
GnuGnutls Version1.7.19
GnuGnutls Version2.0.0
GnuGnutls Version2.0.1
GnuGnutls Version2.0.2
GnuGnutls Version2.0.3
GnuGnutls Version2.0.4
GnuGnutls Version2.1.0
GnuGnutls Version2.1.1
GnuGnutls Version2.1.2
GnuGnutls Version2.1.3
GnuGnutls Version2.1.4
GnuGnutls Version2.1.5
GnuGnutls Version2.1.6
GnuGnutls Version2.1.7
GnuGnutls Version2.1.8
GnuGnutls Version2.2.0
GnuGnutls Version2.2.1
GnuGnutls Version2.2.2
GnuGnutls Version2.2.3
GnuGnutls Version2.2.4
GnuGnutls Version2.2.5
GnuGnutls Version2.3.0
GnuGnutls Version2.3.1
GnuGnutls Version2.3.2
GnuGnutls Version2.3.3
GnuGnutls Version2.3.4
GnuGnutls Version2.3.5
GnuGnutls Version2.3.6
GnuGnutls Version2.3.7
GnuGnutls Version2.3.8
GnuGnutls Version2.3.9
GnuGnutls Version2.3.10
GnuGnutls Version2.3.11
GnuGnutls Version2.4.0
GnuGnutls Version2.4.1
GnuGnutls Version2.4.2
GnuGnutls Version2.5.0
GnuGnutls Version2.6.0
GnuGnutls Version2.6.1
GnuGnutls Version2.6.2
GnuGnutls Version2.6.3
GnuGnutls Version2.6.4
GnuGnutls Version2.6.5
GnuGnutls Version2.6.6
GnuGnutls Version2.8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.7% 0.845
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P