FreeBSDF645AA90-A3E8-11E3-A422-3C970E169BC2gnutls -- multiple certificate verification issues
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.075 Low
EPSS
Percentile
94.1%
GnuTLS project reports:
A vulnerability was discovered that affects the
certificate verification functions of all gnutls
versions. A specially crafted certificate could
bypass certificate validation checks. The
vulnerability was discovered during an audit of
GnuTLS for Red Hat.
Suman Jana reported a vulnerability that affects
the certificate verification functions of
gnutls 2.11.5 and later versions. A version 1
intermediate certificate will be considered as
a CA certificate by default (something that
deviates from the documented behavior).
Related
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.075 Low
EPSS
Percentile
94.1%