CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
gnugnutls
𝑥
≤ 2.8.1
gnugnutls
1.0.16
gnugnutls
1.0.17
gnugnutls
1.0.18
gnugnutls
1.0.19
gnugnutls
1.0.20
gnugnutls
1.0.21
gnugnutls
1.0.22
gnugnutls
1.0.23
gnugnutls
1.0.24
gnugnutls
1.0.25
gnugnutls
1.1.13
gnugnutls
1.1.14
gnugnutls
1.1.15
gnugnutls
1.1.16
gnugnutls
1.1.17
gnugnutls
1.1.18
gnugnutls
1.1.19
gnugnutls
1.1.20
gnugnutls
1.1.21
gnugnutls
1.1.22
gnugnutls
1.1.23
gnugnutls
1.2.0
gnugnutls
1.2.1
gnugnutls
1.2.2
gnugnutls
1.2.3
gnugnutls
1.2.4
gnugnutls
1.2.5
gnugnutls
1.2.6
gnugnutls
1.2.7
gnugnutls
1.2.8
gnugnutls
1.2.8.1a1:a1
gnugnutls
1.2.9
gnugnutls
1.2.10
gnugnutls
1.2.11
gnugnutls
1.3.0
gnugnutls
1.3.1
gnugnutls
1.3.2
gnugnutls
1.3.3
gnugnutls
1.3.4
gnugnutls
1.3.5
gnugnutls
1.4.0
gnugnutls
1.4.1
gnugnutls
1.4.2
gnugnutls
1.4.3
gnugnutls
1.4.4
gnugnutls
1.4.5
gnugnutls
1.5.0
gnugnutls
1.5.1
gnugnutls
1.5.2
gnugnutls
1.5.3
gnugnutls
1.5.4
gnugnutls
1.5.5
gnugnutls
1.6.0
gnugnutls
1.6.1
gnugnutls
1.6.2
gnugnutls
1.6.3
gnugnutls
1.7.0
gnugnutls
1.7.1
gnugnutls
1.7.2
gnugnutls
1.7.3
gnugnutls
1.7.4
gnugnutls
1.7.5
gnugnutls
1.7.6
gnugnutls
1.7.7
gnugnutls
1.7.8
gnugnutls
1.7.9
gnugnutls
1.7.10
gnugnutls
1.7.11
gnugnutls
1.7.12
gnugnutls
1.7.13
gnugnutls
1.7.14
gnugnutls
1.7.15
gnugnutls
1.7.16
gnugnutls
1.7.17
gnugnutls
1.7.18
gnugnutls
1.7.19
gnugnutls
2.0.0
gnugnutls
2.0.1
gnugnutls
2.0.2
gnugnutls
2.0.3
gnugnutls
2.0.4
gnugnutls
2.1.0
gnugnutls
2.1.1
gnugnutls
2.1.2
gnugnutls
2.1.3
gnugnutls
2.1.4
gnugnutls
2.1.5
gnugnutls
2.1.6
gnugnutls
2.1.7
gnugnutls
2.1.8
gnugnutls
2.2.0
gnugnutls
2.2.1
gnugnutls
2.2.2
gnugnutls
2.2.3
gnugnutls
2.2.4
gnugnutls
2.2.5
gnugnutls
2.3.0
gnugnutls
2.3.1
gnugnutls
2.3.2
gnugnutls
2.3.3
gnugnutls
2.3.4
gnugnutls
2.3.5
gnugnutls
2.3.6
gnugnutls
2.3.7
gnugnutls
2.3.8
gnugnutls
2.3.9
gnugnutls
2.3.10
gnugnutls
2.3.11
gnugnutls
2.4.0
gnugnutls
2.4.1
gnugnutls
2.4.2
gnugnutls
2.5.0
gnugnutls
2.6.0
gnugnutls
2.6.1
gnugnutls
2.6.2
gnugnutls
2.6.3
gnugnutls
2.6.4
gnugnutls
2.6.5
gnugnutls
2.6.6
gnugnutls
2.8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls11
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
ignored
gnutls12
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
Fixed 1.2.9-2ubuntu1.7
released
gnutls13
karmic
dne
jaunty
dne
intrepid
dne
hardy
Fixed 2.0.4-1ubuntu2.6
released
dapper
dne
gnutls26
karmic
Fixed 2.6.6-1ubuntu1
released
jaunty
Fixed 2.4.2-6ubuntu0.1
released
intrepid
Fixed 2.4.1-1ubuntu0.4
released
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://article.gmane.org/gmane.network.gnutls.general/1733
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/36266
http://secunia.com/advisories/36496
http://www.openwall.com/lists/oss-security/2009/08/14/6
http://www.redhat.com/support/errata/RHSA-2009-1232.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securitytracker.com/id?1022777
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://article.gmane.org/gmane.network.gnutls.general/1733
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/36266
http://secunia.com/advisories/36496
http://www.openwall.com/lists/oss-security/2009/08/14/6
http://www.redhat.com/support/errata/RHSA-2009-1232.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securitytracker.com/id?1022777
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
https://rhn.redhat.com/errata/RHSA-2010-0095.html