Lucene search

K
freebsdFreeBSD856A6F84-8B30-11DE-8062-00E0815B8DA8
HistoryAug 11, 2009 - 12:00 a.m.

GnuTLS -- improper SSL certificate verification

2009-08-1100:00:00
vuxml.freebsd.org
19

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.9%

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool
GnuTLS into 1) not printing the entire CN/SAN field value when
printing a certificate and 2) cause incorrect positive matches
when matching a hostname against a certificate.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgnutls< 2.8.3UNKNOWN
FreeBSDanynoarchgnutls-devel< 2.9.0UNKNOWN

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.9%