CVE-2014-0092

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 7 March 2014

Summary

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

References

http://secunia.com/advisories/57321

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/57260

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2014-0288.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 7, 2014
Vulnerability Reserved
Dec 3, 2013