GnuTLS Vulnerability in X.509 Certificate Verification
CVE-2014-1959
Currently unrated
Summary
A flaw in the certificate verification process of GnuTLS causes the library to treat version 1 X.509 certificates as intermediate Certificate Authorities (CAs). A remote attacker can leverage an X.509 V1 certificate from a trusted CA to issue unauthorized certificates, bypassing the intended restrictions on certificate issuance.