CVE-2014-8155

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls
Vendor: CVE Published:; 14 August 2015

Summary

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.

References

http://www.securityfocus.com/bid/73317

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-1457.html

vendor-advisoryx_refsource_REDHAT

https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a49...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 14, 2015
Vulnerability Reserved
Oct 10, 2014