CVE-2004-2531Gnutls vulnerability

3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.9%
top 24.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Gnutls
Timeline
PublishedDec 31
Latest updateApr 29

Description

X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDgnu/gnutls1.0.16

Patches

Patch: secunia.comPatch: securitytracker.comPatch: www.hornik.sk

🔴Vulnerability Details

2
GHSA
GHSA-2xmw-23qh-mjvr: X2022-04-29
CVEList
CVE-2004-2531: X2005-10-25
CVE-2004-2531 — GNU Gnutls vulnerability | cvebase