Описание
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 2.12.23-12ubuntu2 |
| lucid | released | 2.8.5-2ubuntu0.5 |
| precise | released | 2.12.14-5ubuntu3.7 |
| precise/esm | not-affected | 2.12.14-5ubuntu3.7 |
| quantal | released | 2.12.14-5ubuntu4.6 |
| saucy | released | 2.12.23-1ubuntu4.2 |
| trusty | released | 2.12.23-12ubuntu2 |
| trusty/esm | not-affected | 2.12.23-12ubuntu2 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.2.11-2ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.2.11-2ubuntu1]] |
| esm-infra/xenial | not-affected | 3.2.11-2ubuntu1 |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| saucy | ignored | end of life |
| trusty | not-affected | 3.2.11-2ubuntu1 |
| trusty/esm | DNE | trusty was not-affected [3.2.11-2ubuntu1] |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
EPSS
5.8 Medium
CVSS2