CVE-2014-8155

CWE-17, CWE-325 | 8 documents | 8 sources
Severity
4.3 MEDIUM
EPSS
0.3%
top 47.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 14
Latest update: May 14

Description

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 2 packages

Ubuntu: gnutls26 < 2.12.23-12ubuntu2.2
NVD: gnu/gnutls 2.9.9

🔴Vulnerability Details

3
GHSA
GHSA-q3j8-fx5r-2c6f: GnuTLS before 2 (2022-05-14)
CVEList
CVE-2014-8155: GnuTLS before 2 (2015-08-14)
OSV
gnutls26, gnutls28 vulnerabilities (2015-03-23)

📋Vendor Advisories

3
Ubuntu
GnuTLS vulnerabilities (2015-03-23)
Debian
CVE-2014-8155: gnutls28 - GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA c... (2014)
Red Hat
gnutls: gnutls does not perform date/time checks on CA certificates (2010-03-14)

💬Community

1
Bugzilla
CVE-2014-8155 gnutls: gnutls does not perform date/time checks on CA certificates (2015-03-03)