5.8

CVE-2014-1959

Exploit
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version <= 3.1.20
GnuGnutls Version3.1.0
GnuGnutls Version3.1.1
GnuGnutls Version3.1.2
GnuGnutls Version3.1.3
GnuGnutls Version3.1.4
GnuGnutls Version3.1.5
GnuGnutls Version3.1.6
GnuGnutls Version3.1.7
GnuGnutls Version3.1.8
GnuGnutls Version3.1.9
GnuGnutls Version3.1.10
GnuGnutls Version3.1.11
GnuGnutls Version3.1.12
GnuGnutls Version3.1.13
GnuGnutls Version3.1.14
GnuGnutls Version3.1.15
GnuGnutls Version3.1.16
GnuGnutls Version3.1.17
GnuGnutls Version3.1.18
GnuGnutls Version3.1.19
GnuGnutls Version <= 3.2.10
GnuGnutls Version3.2.0
GnuGnutls Version3.2.1
GnuGnutls Version3.2.2
GnuGnutls Version3.2.3
GnuGnutls Version3.2.4
GnuGnutls Version3.2.5
GnuGnutls Version3.2.6
GnuGnutls Version3.2.7
GnuGnutls Version3.2.8
GnuGnutls Version3.2.8.1
GnuGnutls Version3.2.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.42% 0.874
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/oss-sec/2014/q1/344
http://seclists.org/oss-sec/2014/q1/345
http://www.debian.org/security/2014/dsa-2866
http://www.gnutls.org/security.html
Vendor Advisory
http://www.securityfocus.com/bid/65559
http://www.ubuntu.com/usn/USN-2121-1
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c
Patch
Exploit