Description
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
References (3)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1196323
Patch, Third Party Advisory x_refsource_misc
https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff
Third Party Advisory x_refsource_misc
http://www.debian.org/security/2015/dsa-3191
Scores
CVSS v3: 7.5
EPSS: 0.0043
EPSS Percentile: 62.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-295
Status: published
Products (4)
debian/debian_linux: 7.0
gnu/gnutls: < 3.3.13
redhat/enterprise_linux: 5.0
redhat/enterprise_linux: 7.0
Published: Jan 27, 2020
Tracked Since: Feb 18, 2026