Vulnerability CVE-2014-0092: Information

Description

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Severity: MEDIUM (5.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0092
Published: March 7, 2014
Modified: Nov. 28, 2016
Error type identifier: CWE-310

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gnutls26c72.12.23-alt1.M70C.22.12.23-alt1.M70C.2ALT-PU-2015-2064-1154219Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
SUSE-SU-2014:0323
    DSA-2869
      RHSA-2014:0247
        https://bugzilla.redhat.com/show_bug.cgi?id=1069865
          RHSA-2014:0246
            SUSE-SU-2014:0321
              SUSE-SU-2014:0319
                57204
                • Vendor Advisory
                57103
                  USN-2127-1
                    56933
                    • Vendor Advisory
                    http://gnutls.org/security.html#GNUTLS-SA-2014-2
                      SUSE-SU-2014:0324
                        openSUSE-SU-2014:0346
                          SUSE-SU-2014:0320
                            openSUSE-SU-2014:0325
                              SUSE-SU-2014:0322
                                openSUSE-SU-2014:0328
                                  57274
                                    57254
                                      RHSA-2014:0288
                                        57321
                                          57260
                                            SUSE-SU-2014:0445
                                              RHSA-2014:0339
                                                65919

                                                    1. Configuration 1

                                                      cpe:2.3:a:gnu:gnutls:3.2.3:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.0:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.1:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.8:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.4:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.9:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.6:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.10:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
                                                      End including
                                                      3.2.11
                                                      cpe:2.3:a:gnu:gnutls:3.2.7:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.2:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.5:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.2.8.1:*:*:*:*:*:*:*

                                                      Configuration 2

                                                      cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.11:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.13:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.20:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.19:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.18:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
                                                      End including
                                                      3.1.21
                                                      cpe:2.3:a:gnu:gnutls:3.1.15:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.8:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.16:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.17:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.12:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.10:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.7:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.14:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*
                                                      cpe:2.3:a:gnu:gnutls:3.1.9:*:*:*:*:*:*:*
                                                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                                  Version: v24.5.3
                                                  Back to top