CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0478 (4.8%)
Percentil: 89.5%
EPSS: 2026-05-06
Afecta
gnu:gnutlsDescripción técnica
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Publicada: 7/3/2014, 0:10:53
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://gnutls.org/security.html#GNUTLS-SA-2014-2
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html