Vulnerability in Gnu Gnutls

CVE-2014-8155

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer…

EPSS: 0.003 (52.4th percentile) — read the EPSS interpretation.

Affected products

Gnu Gnutls
N/a — versions n/a

Weakness classification (CWE)

CWE-17

References

73317 (vdb-entry, x_refsource_BID)
RHSA-2015:1457 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)