CVE-2014-1959

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 7 March 2014

Summary

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

References

http://www.gnutls.org/security.html

x_refsource_CONFIRM

http://seclists.org/oss-sec/2014/q1/344

mailing-listx_refsource_MLIST

http://seclists.org/oss-sec/2014/q1/345

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Mar 7, 2014
Vulnerability Reserved
Feb 13, 2014