CVE-2015-0294

Severity: 7.5 HIGH
EPSS: 0.6% (top 30.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 27; Latest update May 24

Description

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: gnu/gnutls < 3.3.13
Debian: gnutls28 < 3.3.8-6+3
CVEListV5: gnutls/gnutls before 3.3.13

Also affects: Debian Linux 7.0, Enterprise Linux 5.0, 7.0

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-xqm3-jfj9-8pf2: GnuTLS before 3 (2022-05-24)
CVEList: CVE-2015-0294: GnuTLS before 3 (2020-01-27)
OSV: CVE-2015-0294: GnuTLS before 3 (2020-01-27)
OSV: gnutls26, gnutls28 vulnerabilities (2015-03-23)

📋 Vendor Advisories (3)

Ubuntu: GnuTLS vulnerabilities (2015-03-23)
Red Hat: gnutls: certificate algorithm consistency checking issue (2015-02-27)
Debian: CVE-2015-0294: gnutls28 - GnuTLS before 3.3.13 does not validate that the signature algorithms match when ... (2015)

💬 Community (1)

Bugzilla: CVE-2015-0294 gnutls: certificate algorithm consistency checking issue (2015-02-25)
CVE-2015-0294 (HIGH CVSS 7.5) | GnuTLS before 3.3.13 does not valid | cvebase.io