Lucene search

[email protected]NVD:CVE-2014-0092

HistoryMar 07, 2014 - 12:10 a.m.

CVE-2014-0092

2014-03-0700:10:53

CWE-310

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.075 Low

EPSS

Percentile

94.1%

JSON

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected configurations

NVD

Node

gnugnutlsRange≤3.2.11

gnugnutlsMatch3.2.0

gnugnutlsMatch3.2.1

gnugnutlsMatch3.2.2

gnugnutlsMatch3.2.3

gnugnutlsMatch3.2.4

gnugnutlsMatch3.2.5

gnugnutlsMatch3.2.6

gnugnutlsMatch3.2.7

gnugnutlsMatch3.2.8

gnugnutlsMatch3.2.8.1

gnugnutlsMatch3.2.9

gnugnutlsMatch3.2.10

Node

gnugnutlsRange≤3.1.21

gnugnutlsMatch3.1.0

gnugnutlsMatch3.1.1

gnugnutlsMatch3.1.2

gnugnutlsMatch3.1.3

gnugnutlsMatch3.1.4

gnugnutlsMatch3.1.5

gnugnutlsMatch3.1.6

gnugnutlsMatch3.1.7

gnugnutlsMatch3.1.8

gnugnutlsMatch3.1.9

gnugnutlsMatch3.1.10

gnugnutlsMatch3.1.11

gnugnutlsMatch3.1.12

gnugnutlsMatch3.1.13

gnugnutlsMatch3.1.14

gnugnutlsMatch3.1.15

gnugnutlsMatch3.1.16

gnugnutlsMatch3.1.17

gnugnutlsMatch3.1.18

gnugnutlsMatch3.1.19

gnugnutlsMatch3.1.20

References

gnutls.org/security.html#GNUTLS-SA-2014-2

lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html

rhn.redhat.com/errata/RHSA-2014-0246.html

rhn.redhat.com/errata/RHSA-2014-0247.html

rhn.redhat.com/errata/RHSA-2014-0288.html

rhn.redhat.com/errata/RHSA-2014-0339.html

secunia.com/advisories/56933

secunia.com/advisories/57103

secunia.com/advisories/57204

secunia.com/advisories/57254

secunia.com/advisories/57260

secunia.com/advisories/57274

secunia.com/advisories/57321

www.debian.org/security/2014/dsa-2869

www.securityfocus.com/bid/65919

www.ubuntu.com/usn/USN-2127-1

bugzilla.redhat.com/show_bug.cgi?id=1069865

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.075 Low

EPSS

Percentile

94.1%

JSON

CVE-2014-0092

Affected configurations

References

Related