CVE-2015-0282

CWE-310CWE-295 — Improper Certificate Validation9 documents8 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 58.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Gnutls
Timeline
PublishedMar 24
Latest updateMay 14

Description

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

â–¶Ubuntugnutls26< 2.12.23-12ubuntu2.2
â–¶NVDgnu/gnutls3.0.9

🔴Vulnerability Details

4
GHSA
GHSA-qx46-76qj-r7r3: GnuTLS before 3↗2022-05-14
â–¶
CVEList
CVE-2015-0282: GnuTLS before 3↗2015-03-24
â–¶
OSV
gnutls26, gnutls28 vulnerabilities↗2015-03-23
â–¶
OSV
CVE-2015-0282: GnuTLS before 3↗2015-03-12
â–¶

📋Vendor Advisories

3
Ubuntu
GnuTLS vulnerabilities↗2015-03-23
â–¶
Red Hat
gnutls: RSA PKCS#1 signature verification forgery↗2015-03-11
â–¶
Debian
CVE-2015-0282: gnutls28 - GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm mat...↗2015
â–¶

💬Community

1
Bugzilla
CVE-2015-0282 gnutls: RSA PKCS#1 signature verification forgery↗2015-02-19
â–¶
CVE-2015-0282 (MEDIUM CVSS 5) | GnuTLS before 3.1.0 does not verify | cvebase.io