CVE-2009-2730

CWE-3106 documents6 sources
Severity
7.5HIGH
EPSS
2.7%
top 14.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Gnutls
Timeline
PublishedAug 12
Latest updateMay 2

Description

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgnu/gnutls2.8.1+120

🔴Vulnerability Details

2
GHSA
GHSA-x6gw-c9hx-x25f: libgnutls in GnuTLS before 22022-05-02
CVEList
CVE-2009-2730: libgnutls in GnuTLS before 22009-08-12

📋Vendor Advisories

2
Ubuntu
GnuTLS vulnerabilities2009-08-19
Red Hat
gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)2009-08-04

💬Community

1
Bugzilla
CVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)2009-08-07
CVE-2009-2730 (HIGH CVSS 7.5) | libgnutls in GnuTLS before 2.8.2 do | cvebase.io