Lucene search

RedhatCVE-2014-0092

HistoryMar 07, 2014 - 12:10 a.m.

CVE-2014-0092

2014-03-0700:10:53

CWE-310

redhat

web.nvd.nist.gov

124

cve-2014-0092

gnutls

ssl

certificate verification

man-in-the-middle

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

High

EPSS

0.075

Percentile

94.2%

JSON

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected configurations

Nvd

Node

gnugnutlsRange≤3.2.11

gnugnutlsMatch3.2.0

gnugnutlsMatch3.2.1

gnugnutlsMatch3.2.2

gnugnutlsMatch3.2.3

gnugnutlsMatch3.2.4

gnugnutlsMatch3.2.5

gnugnutlsMatch3.2.6

gnugnutlsMatch3.2.7

gnugnutlsMatch3.2.8

gnugnutlsMatch3.2.8.1

gnugnutlsMatch3.2.9

gnugnutlsMatch3.2.10

Node

gnugnutlsRange≤3.1.21

gnugnutlsMatch3.1.0

gnugnutlsMatch3.1.1

gnugnutlsMatch3.1.2

gnugnutlsMatch3.1.3

gnugnutlsMatch3.1.4

gnugnutlsMatch3.1.5

gnugnutlsMatch3.1.6

gnugnutlsMatch3.1.7

gnugnutlsMatch3.1.8

gnugnutlsMatch3.1.9

gnugnutlsMatch3.1.10

gnugnutlsMatch3.1.11

gnugnutlsMatch3.1.12

gnugnutlsMatch3.1.13

gnugnutlsMatch3.1.14

gnugnutlsMatch3.1.15

gnugnutlsMatch3.1.16

gnugnutlsMatch3.1.17

gnugnutlsMatch3.1.18

gnugnutlsMatch3.1.19

gnugnutlsMatch3.1.20

VendorProductVersionCPE
gnugnutls*cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
gnugnutls3.2.0cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*
gnugnutls3.2.1cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*
gnugnutls3.2.2cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*
gnugnutls3.2.3cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*
gnugnutls3.2.4cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*
gnugnutls3.2.5cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*
gnugnutls3.2.6cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*
gnugnutls3.2.7cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*
gnugnutls3.2.8cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	gnutls	*	cpe:2.3:a:gnu:gnutls::::::::
gnu	gnutls	3.2.0	cpe:2.3:a:gnu:gnutls:3.2.0:::::::*
gnu	gnutls	3.2.1	cpe:2.3:a:gnu:gnutls:3.2.1:::::::*
gnu	gnutls	3.2.2	cpe:2.3:a:gnu:gnutls:3.2.2:::::::*
gnu	gnutls	3.2.3	cpe:2.3:a:gnu:gnutls:3.2.3:::::::*
gnu	gnutls	3.2.4	cpe:2.3:a:gnu:gnutls:3.2.4:::::::*
gnu	gnutls	3.2.5	cpe:2.3:a:gnu:gnutls:3.2.5:::::::*
gnu	gnutls	3.2.6	cpe:2.3:a:gnu:gnutls:3.2.6:::::::*
gnu	gnutls	3.2.7	cpe:2.3:a:gnu:gnutls:3.2.7:::::::*
gnu	gnutls	3.2.8	cpe:2.3:a:gnu:gnutls:3.2.8:::::::*