CVE-2009-5138
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0085 (0.8%)
Percentile: 74.9%
EPSS: 2026-05-06
Affects
gnu:gnutlsTechnical description
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
Published: 3/7/2014, 12:10:53 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://article.gmane.org/gmane.comp.security.oss.general/12223
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html
- http://rhn.redhat.com/errata/RHSA-2014-0247.html
- http://secunia.com/advisories/57254
- http://secunia.com/advisories/57260