CVE-2014-0092
EPSS 4.8%gnutls26 - incorrect certificate verification
發布日:2014/3/7修改日:2026/4/28
也稱為:DEBIAN-CVE-2014-0092
描述
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
受影響套件(2)
- Debian/gnutls26from 0, < 2.8.6-1+squeeze3
- Debian/gnutls28from 0, < 3.2.11-2