PT-2009-6718 · Gnu+1 · Libgnutls26-Dbg+3
Published
1970-01-01
·
Updated
2018-10-10
·
CVE-2009-2730
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GnuTLS versions prior to 2.8.2
GnuTLS versions prior to 2.10.0
GnuTLS versions prior to 2.12.18
libgnutls26 versions (affected versions not specified)
libgnutls26-dbg versions (affected versions not specified)
Description
The issue affects the confidentiality, integrity, and availability of protected information and can be exploited remotely without authentication. GnuTLS does not properly handle a NUL ('\0') character embedded in a domain name in the subject's Common Name (CN) or Subject Alternative Name (SAN) field of an X.509 certificate. An X.509 name is an ASN.1 string carried with an explicit length, so it may legally contain a NUL byte, but the affected versions compare it as a NUL-terminated C string, so the comparison stops at the first NUL. A certificate for a name of the form www.example.com\0.attacker.example (an illustrative name, not one from the original report), issued by a legitimate Certification Authority that validated it as a subdomain of the attacker's own domain, is therefore accepted by a GnuTLS client as valid for www.example.com, allowing man-in-the-middle attackers to spoof arbitrary SSL servers.
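The following is an added illustration of the flaw described above, not code from GnuTLS or from this advisory. It models a decoded certificate name as a pointer plus its ASN.1 length, and puts a C-string hostname comparison of the vulnerable kind beside a length-aware one that rejects embedded NULs. The struct, function names and the sample name www.example.com\0.attacker.test are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as a DER decoder hands it over: the bytes plus the
   explicit ASN.1 length. DER strings are not NUL-terminated; the length is
   authoritative and a NUL byte inside the string is syntactically legal. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample: a CN that a CA would validate as a host under
   attacker.test, but that a C-string comparison reads as www.example.com.
   sizeof includes the literal's terminating NUL, hence the -1. */
static const unsigned char crafted_cn[] = "www.example.com\0.attacker.test";
static const struct cert_name CRAFTED = { crafted_cn, sizeof crafted_cn - 1 };

/* Constructed sample: an honest CN for comparison. */
static const unsigned char honest_cn[] = "www.example.com";
static const struct cert_name HONEST = { honest_cn, sizeof honest_cn - 1 };

/* Vulnerable pattern: the name is treated as a C string, so strcmp stops
   at the embedded NUL and the crafted name matches www.example.com. */
bool match_hostname_vulnerable(const struct cert_name *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: a DNS name never legitimately contains a NUL, so any
   embedded NUL is a malformed name and is rejected outright; the remaining
   comparison uses the declared length rather than strlen. */
bool match_hostname_fixed(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;
    size_t hlen = strlen(host);
    if (cn->len != hlen)
        return false;
    return memcmp(cn->data, host, hlen) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted name, vulnerable matcher: %s\n",
           match_hostname_vulnerable(&CRAFTED, host) ? "MATCH" : "no match");
    printf("crafted name, fixed matcher:      %s\n",
           match_hostname_fixed(&CRAFTED, host) ? "MATCH" : "no match");
    printf("honest name,  fixed matcher:      %s\n",
           match_hostname_fixed(&HONEST, host) ? "MATCH" : "no match");
    return 0;
}
```

The fixed matcher deliberately omits case folding and wildcard handling, which a real hostname check also needs; the point it demonstrates is that the declared length, not the first NUL, must bound the comparison. The same check belongs wherever a certificate name is handed to C-string APIs, including the dNSName entries of the SAN extension.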
Recommendations
For GnuTLS versions prior to 2.8.2, update to version 2.8.2 or later.
For GnuTLS versions prior to 2.10.0, update to version 2.10.0 or later.
For GnuTLS versions prior to 2.12.18, update to version 2.12.18 or later.
For libgnutls26 and libgnutls26-dbg (the Debian/Ubuntu packages of the GnuTLS 2.x library), no fixed package version is listed here; apply the security update published by the distribution and confirm the installed version afterwards with `gnutls-cli --version` or `dpkg -s libgnutls26`.
Weakness Enumeration
Related Identifiers
Affected Products
Gnutls
Red Hat
Libgnutls26
Libgnutls26-Dbg