CVE-2014-0092
gnutls26 - incorrect certificate verification
EPSS 4.8%
Description
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
How to fix CVE-2014-0092
To remediate CVE-2014-0092, upgrade the affected package to a fixed version below.
- Debian/gnutls26—upgrade to 2.8.6-1+squeeze3 or later
- Debian/gnutls28—upgrade to 3.2.11-2 or later
Is CVE-2014-0092 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.8.6-1+squeeze3
- from 0, < 3.2.11-2