5.8

CVE-2014-1959

Exploit

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version <= 3.1.20
GnuGnutls Version3.1.0
GnuGnutls Version3.1.1
GnuGnutls Version3.1.2
GnuGnutls Version3.1.3
GnuGnutls Version3.1.4
GnuGnutls Version3.1.5
GnuGnutls Version3.1.6
GnuGnutls Version3.1.7
GnuGnutls Version3.1.8
GnuGnutls Version3.1.9
GnuGnutls Version3.1.10
GnuGnutls Version3.1.11
GnuGnutls Version3.1.12
GnuGnutls Version3.1.13
GnuGnutls Version3.1.14
GnuGnutls Version3.1.15
GnuGnutls Version3.1.16
GnuGnutls Version3.1.17
GnuGnutls Version3.1.18
GnuGnutls Version3.1.19
GnuGnutls Version <= 3.2.10
GnuGnutls Version3.2.0
GnuGnutls Version3.2.1
GnuGnutls Version3.2.2
GnuGnutls Version3.2.3
GnuGnutls Version3.2.4
GnuGnutls Version3.2.5
GnuGnutls Version3.2.6
GnuGnutls Version3.2.7
GnuGnutls Version3.2.8
GnuGnutls Version3.2.8.1
GnuGnutls Version3.2.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.428
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N