CVE-2014-1959

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
gnugnutls
𝑥
≤ 3.1.20
gnugnutls
3.1.0
gnugnutls
3.1.1
gnugnutls
3.1.2
gnugnutls
3.1.3
gnugnutls
3.1.4
gnugnutls
3.1.5
gnugnutls
3.1.6
gnugnutls
3.1.7
gnugnutls
3.1.8
gnugnutls
3.1.9
gnugnutls
3.1.10
gnugnutls
3.1.11
gnugnutls
3.1.12
gnugnutls
3.1.13
gnugnutls
3.1.14
gnugnutls
3.1.15
gnugnutls
3.1.16
gnugnutls
3.1.17
gnugnutls
3.1.18
gnugnutls
3.1.19
gnugnutls
𝑥
≤ 3.2.10
gnugnutls
3.2.0
gnugnutls
3.2.1
gnugnutls
3.2.2
gnugnutls
3.2.3
gnugnutls
3.2.4
gnugnutls
3.2.5
gnugnutls
3.2.6
gnugnutls
3.2.7
gnugnutls
3.2.8
gnugnutls
3.2.8.1
gnugnutls
3.2.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnutls28
bullseye
3.7.1-5+deb11u5
fixed
squeeze
not-affected
bullseye (security)
3.7.1-5+deb11u6
fixed
bookworm
3.7.9-2+deb12u3
fixed
sid
3.8.6-2
fixed
trixie
3.8.6-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls26
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
Fixed 2.12.23-1ubuntu6
released
trusty
Fixed 2.12.23-12ubuntu1
released
saucy
Fixed 2.12.23-1ubuntu4.1
released
quantal
Fixed 2.12.14-5ubuntu4.5
released
precise
Fixed 2.12.14-5ubuntu3.6
released
lucid
not-affected
gnutls28
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
ignored
quantal
ignored
precise
ignored
lucid
dne
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q1/344
http://seclists.org/oss-sec/2014/q1/345
http://www.debian.org/security/2014/dsa-2866
http://www.gnutls.org/security.html
http://www.securityfocus.com/bid/65559
http://www.ubuntu.com/usn/USN-2121-1
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c
http://seclists.org/oss-sec/2014/q1/344
http://seclists.org/oss-sec/2014/q1/345
http://www.debian.org/security/2014/dsa-2866
http://www.gnutls.org/security.html
http://www.securityfocus.com/bid/65559
http://www.ubuntu.com/usn/USN-2121-1
https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c