CVE-2014-0092 — Improper Certificate Validation in GnuTLS

Severity: 5.8 MEDIUM (NVD)
EPSS: 4.8% (top 10.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 7; Latest update May 17

Description

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (1 package)

NVD: gnu/gnutls 3.2.11 (+34)

🔴 Vulnerability Details (3)

GHSA: GHSA-c9fv-cm23-r7xv: lib/x509/verify (2022-05-17)
OSV: CVE-2014-0092: lib/x509/verify (2014-03-07)
CVEList: CVE-2014-0092: lib/x509/verify (2014-03-06)

📋 Vendor Advisories (3)

Ubuntu: GnuTLS vulnerability (2014-03-04)
Red Hat: gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) (2014-03-03)
Debian: CVE-2014-0092: gnutls28 - lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not prope... (2014)

💬 Community (4)

Bugzilla: CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) [fedora-all] (2014-03-03)
Bugzilla: CVE-2014-0092 mingw32-gnutls: gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) [epel-5] (2014-03-03)
Bugzilla: CVE-2014-0092 mingw-gnutls: gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) [fedora-all] (2014-03-03)
Bugzilla: CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) (2014-02-25)