PT-2014-1865 · Gnu+4 · Gnutls+4

Published: 2014-03-03 · Updated: 2024-06-15 · CVE-2014-0092

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GnuTLS versions prior to 3.1.22
GnuTLS versions 3.2.x prior to 3.2.12

Description

The issue arises from improper handling of unspecified errors when verifying X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers via a crafted certificate. Exploitation of this vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For GnuTLS versions prior to 3.1.22, update to version 3.1.22 or later. For GnuTLS versions 3.2.x prior to 3.2.12, update to version 3.2.12 or later. As a temporary workaround, consider restricting the use of X.509 certificate verification until a patch is available.

Related Identifiers

ALT-PU-2014-1263
BDU:2015-07241
BDU:2015-07246
BDU:2015-07249
BDU:2015-07253
BDU:2015-09761
CESA-2014_0246
CVE-2014-0092
DSA-2869-1
MGASA-2014-0117
OPENSUSE-SU-2014_0325-1
OPENSUSE-SU-2014_0328-1
OPENSUSE-SU-2014_0346-1
OPENSUSE-SU-2024:10105-1
RHSA-2014:0246
RHSA-2014:0247
RHSA-2014:0288
RHSA-2014:0339
RHSA-2014_0246
RHSA-2014_0247
SUSE-SU-2014_0321-1
SUSE-SU-2014_0323-1
SUSE-SU-2015:0675-1
USN-2127-1

Affected Products

ALT Linux
CentOS
GnuTLS
Red Hat
SUSE