PT-2014-1895 · Gnu+1 · Gnutls+1
Published 2014-02-16 · Updated 2024-06-15 · CVE-2014-1959
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GnuTLS versions prior to 3.1.21
GnuTLS versions 3.2.x prior to 3.2.11
Description
The issue allows remote attackers to bypass intended restrictions by leveraging an X.509 version 1 certificate from a trusted CA to issue new certificates. This is possible because GnuTLS treats version 1 X.509 certificates as intermediate CAs. There is no information about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.
Recommendations
For GnuTLS versions prior to 3.1.21, update to version 3.1.21 or later.
For GnuTLS versions 3.2.x prior to 3.2.11, update to version 3.2.11 or later.
As a temporary workaround, consider restricting the use of X.509 V1 certificates from trusted CAs to minimize the risk of exploitation.
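To apply the workaround above, the version 1 certificates in a trust store have to be found first. The following is an added example, not code from GnuTLS or from this advisory: it reads the version field from DER-encoded certificates using only the Python standard library. The function names and the two sample byte strings are assumptions constructed for illustration.

```python
# Added example (not GnuTLS code): read the X.509 version from DER with the stdlib only.

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def x509_version(der):
    """Return the certificate version (1, 2 or 3) of a DER-encoded certificate."""
    tag, pos, _ = _read_tlv(der, 0)         # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate")
    tag, pos, _ = _read_tlv(der, pos)       # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate")
    tag, start, end = _read_tlv(der, pos)   # first tbsCertificate field
    if tag == 0x02:                         # serialNumber first: version omitted, so v1
        return 1
    if tag != 0xA0:                         # otherwise expect version [0] EXPLICIT
        raise ValueError("unexpected tbsCertificate layout")
    tag, start, end = _read_tlv(der, start)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(der[start:end], "big") + 1   # encoded 0, 1, 2 -> v1, v2, v3

def v1_certificates(store):
    """Return the sorted names in {name: der_bytes} whose certificate is version 1."""
    return sorted(name for name, der in store.items() if x509_version(der) == 1)

def _der(tag, content):                     # short-form encoder for the samples below
    return bytes([tag, len(content)]) + content

# Constructed skeletons: only the leading tbsCertificate fields, not real certificates.
SERIAL = _der(0x02, b"\x01")
V1_SAMPLE = _der(0x30, _der(0x30, SERIAL))
V3_SAMPLE = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + SERIAL))

if __name__ == "__main__":
    print(v1_certificates({"legacy-root": V1_SAMPLE, "modern-root": V3_SAMPLE}))
```

PEM entries from a real trust store can be converted with `ssl.PEM_cert_to_DER_cert` before being passed to `x509_version`.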
Exploit
Fix
Related identifiers
Affected products
Alt Linux
Gnutls