Description
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://www.gnutls.org/security.html
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/344
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/345
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65559
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2121-1
Exploit, Patch x_refsource_confirm
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2866
Scores
EPSS
0.0023
EPSS Percentile
45.6%
Details
CWE
CWE-264
Status
published
Products (32)
gnu/gnutls
3.1.0
gnu/gnutls
3.1.1
gnu/gnutls
3.1.2
gnu/gnutls
3.1.3
gnu/gnutls
3.1.4
gnu/gnutls
3.1.5
gnu/gnutls
3.1.6
gnu/gnutls
3.1.7
gnu/gnutls
3.1.8
gnu/gnutls
3.1.9
... and 22 more
Published
Mar 07, 2014
Tracked Since
Feb 18, 2026