Vulnerability in Gnu Gnutls

CVE-2015-0282

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (41.7th percentile) — read the EPSS interpretation.

Affected products

Gnu Gnutls
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
DSA-3191 (vendor-advisory, x_refsource_DEBIAN)
73119 (vdb-entry, x_refsource_BID)
RHSA-2015:1457 (x_refsource_REDHAT, vendor-advisory)
1032148 (vdb-entry, x_refsource_SECTRACK)