5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.063 Low
EPSS
Percentile
93.5%
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3,
does not properly handle excess data in the digestAlgorithm.parameters
field when generating a hash, which allows remote attackers to forge a PKCS
#1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from
correctly verifying X.509 and other certificates that use PKCS, a variant
of CVE-2006-4339.