CVE-2014-1959

CWE-264 CWE-295 — Improper Certificate Validation13 documents8 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 54.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gnutls

Timeline

PublishedMar 7

Latest updateMay 17

Description

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debiangnutls28< 3.2.11-1+3

▶NVDgnu/gnutls3.1.20+32

Patches

Patch: www.gitorious.org ↗Patch: www.gitorious.org ↗

🔴Vulnerability Details

GHSA

GHSA-pcqq-cwj9-7ggm: lib/x509/verify↗2022-05-17

▶

OSV

CVE-2014-1959: lib/x509/verify↗2014-03-07

▶

CVEList

CVE-2014-1959: lib/x509/verify↗2014-03-06

▶

📋Vendor Advisories

Ubuntu

GnuTLS vulnerability↗2014-02-25

▶

Red Hat

gnutls: incorrect handling of V1 intermediate certificates (GNUTLS-SA-2014-1)↗2014-02-12

▶

Debian

CVE-2014-1959: gnutls28 - lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version...↗2014

▶

Red Hat

gnutls: incorrect handling of V1 intermediate certificates↗2009-01-09

▶

💬Community

Bugzilla

CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificates↗2014-02-24

▶

Bugzilla

CVE-2014-1959 mingw-gnutls: gnutls: certificate verification flaw (GNUTLS-SA-2014-1) [fedora-all]↗2014-02-13

▶

Bugzilla

CVE-2014-1959 gnutls: incorrect handling of V1 intermediate certificates (GNUTLS-SA-2014-1)↗2014-02-13

▶

Bugzilla

CVE-2014-1959 mingw32-gnutls: gnutls: certificate verification flaw (GNUTLS-SA-2014-1) [epel-5]↗2014-02-13

▶

Bugzilla

CVE-2014-1959 gnutls: certificate verification flaw (GNUTLS-SA-2014-1) [fedora-all]↗2014-02-13

▶