GnuTLS Vulnerability in X.509 Certificate Verification
CVE-2014-1959

Currently unrated

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 7 March 2014

Summary

A flaw in GnuTLS certificate verification causes the library to treat version 1 X.509 certificates as intermediate Certificate Authorities (CAs). A remote attacker can leverage an X.509 V1 certificate issued by a trusted CA to issue unauthorized certificates that pass verification, bypassing the intended restrictions on certificate issuance.
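
A simplified model of the issuer check described in the summary, added here as an illustration; it is not GnuTLS code. The `Cert` record, the function names and the sample certificates are constructed, and signature verification is omitted.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:                      # constructed record, not a parsed certificate
    subject: str
    issuer: str
    version: int                 # 1 or 3
    is_ca: Optional[bool] = None # basicConstraints cA flag; None if extension absent

def may_issue(cert, trusted_roots, v1_as_intermediate):
    """Decide whether `cert` may appear as an issuer in a chain."""
    if cert in trusted_roots:
        return True              # trust anchors are trusted by local configuration
    if cert.version == 3:
        return cert.is_ca is True
    # A v1 certificate has no extensions, so it cannot assert CA status.
    # Returning True here models the flawed behaviour in the summary.
    return v1_as_intermediate

def verify_chain(chain, trusted_roots, v1_as_intermediate=False):
    """chain is leaf-first and must end at a trusted root.
    Signature and validity-period checks are omitted in this model."""
    if not chain or chain[-1] not in trusted_roots:
        return False
    for child, issuer in zip(chain, chain[1:]):
        if child.issuer != issuer.subject:
            return False
        if not may_issue(issuer, trusted_roots, v1_as_intermediate):
            return False
    return True

# Constructed sample certificates
ROOT = Cert("Root CA", "Root CA", 3, True)
ISSUING = Cert("Issuing CA", "Root CA", 3, True)
V1_LEAF = Cert("legacy.example", "Root CA", 1)          # v1 end-entity cert
SITE = Cert("www.example", "Issuing CA", 3, False)
UNAUTHORIZED = Cert("bank.example", "legacy.example", 3, False)
ROOTS = frozenset({ROOT})

if __name__ == "__main__":
    bad_chain = [UNAUTHORIZED, V1_LEAF, ROOT]
    print("flawed :", verify_chain(bad_chain, ROOTS, v1_as_intermediate=True))
    print("strict :", verify_chain(bad_chain, ROOTS))
    print("normal :", verify_chain([SITE, ISSUING, ROOT], ROOTS))
    print("v1 leaf:", verify_chain([V1_LEAF, ROOT], ROOTS))
```

The strict path still accepts the v1 certificate as an end-entity certificate; it only refuses to let it act as an issuer.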

Timeline

  • Vulnerability published

  • Vulnerability Reserved
