CVE-2014-0092
gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lib/x509/verify.c en GnuTLS anterior a 3.1.22 y 3.2.x anterior a 3.2.12 no maneja debidamente errores no especificados cuando verifica certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado.
Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-03-03 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
- CWE-310: Cryptographic Issues
CAPEC
References (27)
| URL | Tag | Source |
|---|---|---|
| http://gnutls.org/security.html#GNUTLS-SA-2014-2 | X_refsource_confirm | |
| http://secunia.com/advisories/57103 | Third Party Advisory | |
| http://secunia.com/advisories/57254 | Third Party Advisory | |
| http://secunia.com/advisories/57260 | Third Party Advisory | |
| http://secunia.com/advisories/57274 | Third Party Advisory | |
| http://secunia.com/advisories/57321 | Third Party Advisory | |
| http://www.securityfocus.com/bid/65919 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | <= 3.2.11 Search vendor "Gnu" for product "Gnutls" and version " <= 3.2.11" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.0 Search vendor "Gnu" for product "Gnutls" and version "3.2.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.1 Search vendor "Gnu" for product "Gnutls" and version "3.2.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.2 Search vendor "Gnu" for product "Gnutls" and version "3.2.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.3 Search vendor "Gnu" for product "Gnutls" and version "3.2.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.4 Search vendor "Gnu" for product "Gnutls" and version "3.2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.5 Search vendor "Gnu" for product "Gnutls" and version "3.2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.6 Search vendor "Gnu" for product "Gnutls" and version "3.2.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.7 Search vendor "Gnu" for product "Gnutls" and version "3.2.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.8 Search vendor "Gnu" for product "Gnutls" and version "3.2.8" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.8.1 Search vendor "Gnu" for product "Gnutls" and version "3.2.8.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.9 Search vendor "Gnu" for product "Gnutls" and version "3.2.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.2.10 Search vendor "Gnu" for product "Gnutls" and version "3.2.10" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | <= 3.1.21 Search vendor "Gnu" for product "Gnutls" and version " <= 3.1.21" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.0 Search vendor "Gnu" for product "Gnutls" and version "3.1.0" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.1 Search vendor "Gnu" for product "Gnutls" and version "3.1.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.2 Search vendor "Gnu" for product "Gnutls" and version "3.1.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.3 Search vendor "Gnu" for product "Gnutls" and version "3.1.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.4 Search vendor "Gnu" for product "Gnutls" and version "3.1.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.5 Search vendor "Gnu" for product "Gnutls" and version "3.1.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.6 Search vendor "Gnu" for product "Gnutls" and version "3.1.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.7 Search vendor "Gnu" for product "Gnutls" and version "3.1.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.8 Search vendor "Gnu" for product "Gnutls" and version "3.1.8" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.9 Search vendor "Gnu" for product "Gnutls" and version "3.1.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.10 Search vendor "Gnu" for product "Gnutls" and version "3.1.10" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.11 Search vendor "Gnu" for product "Gnutls" and version "3.1.11" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.12 Search vendor "Gnu" for product "Gnutls" and version "3.1.12" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.13 Search vendor "Gnu" for product "Gnutls" and version "3.1.13" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.14 Search vendor "Gnu" for product "Gnutls" and version "3.1.14" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.15 Search vendor "Gnu" for product "Gnutls" and version "3.1.15" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.16 Search vendor "Gnu" for product "Gnutls" and version "3.1.16" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.17 Search vendor "Gnu" for product "Gnutls" and version "3.1.17" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.18 Search vendor "Gnu" for product "Gnutls" and version "3.1.18" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.19 Search vendor "Gnu" for product "Gnutls" and version "3.1.19" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnutls Search vendor "Gnu" for product "Gnutls" | 3.1.20 Search vendor "Gnu" for product "Gnutls" and version "3.1.20" | - |
Affected
| ||||||