CVE-2014-1959
Mandriva Linux Security Advisory 2014-043
Public Exploits: 1
Exploited in Wild: -
Descriptions
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.
Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default.
It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.
A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs.
A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
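The version 1 certificate flaw described above, reduced to its decision rule, as an added example (not GnuTLS code and not taken from the advisory). It is a simplified model in which signature checks are assumed to pass; the `Cert` class, the function names, the `v1_intermediate_is_ca` switch and all certificate names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed certificate; signatures are assumed valid."""
    subject: str
    issuer: str
    version: int          # X.509 version: 1 or 3
    is_ca: bool = False   # basicConstraints cA flag, a v3 extension a v1 cert cannot carry

def may_issue(cert, anchors, v1_intermediate_is_ca):
    """Return True if cert is allowed to sign other certificates."""
    if cert in anchors:
        return True                   # explicitly trusted root, v1 or v3
    if cert.version >= 3:
        return cert.is_ca             # v3 must assert CA status itself
    return v1_intermediate_is_ca      # v1 supplied by the peer: the case in this CVE

def verify_chain(chain, anchors, v1_intermediate_is_ca=False):
    """chain is leaf first and must end at a trusted anchor. Returns (ok, reason)."""
    if not chain or chain[-1] not in anchors:
        return False, "chain does not end at a trusted anchor"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject}: issuer does not match {parent.subject}"
        if not may_issue(parent, anchors, v1_intermediate_is_ca):
            return False, f"{parent.subject}: not permitted to act as a CA"
    return True, "ok"

# Constructed sample data.
ROOT = Cert("Example Root", "Example Root", version=1)
ANCHORS = {ROOT}
V1_ENTITY = Cert("device.example", "Example Root", version=1)   # issued by the trusted CA
V3_CA = Cert("Example Issuing CA", "Example Root", version=3, is_ca=True)
FORGED = [Cert("victim.example", "device.example", version=3), V1_ENTITY, ROOT]
LEGIT = [Cert("www.example", "Example Issuing CA", version=3), V3_CA, ROOT]

if __name__ == "__main__":
    for name, chain in (("legit", LEGIT), ("v1 intermediate", FORGED)):
        for flawed in (True, False):
            print(name, "| v1 intermediate treated as CA:", flawed, "->",
                  verify_chain(chain, ANCHORS, flawed))
```

With the switch on, the model accepts the chain through the version 1 end-entity certificate; with it off, only the directly trusted version 1 root keeps issuing rights and the legitimate version 3 chain is unaffected.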
Timeline
- 2014-02-13 CVE Reserved
- 2014-02-20 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (7)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2014/q1/344 | Mailing List | |
http://seclists.org/oss-sec/2014/q1/345 | Mailing List | |
http://www.securityfocus.com/bid/65559 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c | 2024-08-06 | |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2014/dsa-2866 | 2016-11-28 | |
http://www.gnutls.org/security.html | 2016-11-28 | |
http://www.ubuntu.com/usn/USN-2121-1 | 2016-11-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Gnutls | <= 3.1.20 | - | Affected |
Gnu | Gnutls | 3.1.0 | - | Affected |
Gnu | Gnutls | 3.1.1 | - | Affected |
Gnu | Gnutls | 3.1.2 | - | Affected |
Gnu | Gnutls | 3.1.3 | - | Affected |
Gnu | Gnutls | 3.1.4 | - | Affected |
Gnu | Gnutls | 3.1.5 | - | Affected |
Gnu | Gnutls | 3.1.6 | - | Affected |
Gnu | Gnutls | 3.1.7 | - | Affected |
Gnu | Gnutls | 3.1.8 | - | Affected |
Gnu | Gnutls | 3.1.9 | - | Affected |
Gnu | Gnutls | 3.1.10 | - | Affected |
Gnu | Gnutls | 3.1.11 | - | Affected |
Gnu | Gnutls | 3.1.12 | - | Affected |
Gnu | Gnutls | 3.1.13 | - | Affected |
Gnu | Gnutls | 3.1.14 | - | Affected |
Gnu | Gnutls | 3.1.15 | - | Affected |
Gnu | Gnutls | 3.1.16 | - | Affected |
Gnu | Gnutls | 3.1.17 | - | Affected |
Gnu | Gnutls | 3.1.18 | - | Affected |
Gnu | Gnutls | 3.1.19 | - | Affected |
Gnu | Gnutls | <= 3.2.10 | - | Affected |
Gnu | Gnutls | 3.2.0 | - | Affected |
Gnu | Gnutls | 3.2.1 | - | Affected |
Gnu | Gnutls | 3.2.2 | - | Affected |
Gnu | Gnutls | 3.2.3 | - | Affected |
Gnu | Gnutls | 3.2.4 | - | Affected |
Gnu | Gnutls | 3.2.5 | - | Affected |
Gnu | Gnutls | 3.2.6 | - | Affected |
Gnu | Gnutls | 3.2.7 | - | Affected |
Gnu | Gnutls | 3.2.8 | - | Affected |
Gnu | Gnutls | 3.2.8.1 | - | Affected |
Gnu | Gnutls | 3.2.9 | - | Affected |