6.6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.046 Low
EPSS
Percentile
92.5%
The GnuTLS library did not sufficiently check the padding of PKCS #1
v1.5 signatures if the exponent of the public key is 3 (which is
widely used for CAs). This could be exploited to forge signatures
without the need of the secret key.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.06 | noarch | libgnutls12 | < 1.2.9-2ubuntu1.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | libgnutls11 | < 1.0.16-14ubuntu1.1 | UNKNOWN |
Ubuntu | 5.10 | noarch | libgnutls11 | < 1.0.16-13.1ubuntu1.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | libgnutls11 | < 1.0.16-13ubuntu0.3 | UNKNOWN |