2009-08-12 12:30:01 2018-10-10 21:42:06

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
GNU GnuTLS 2.8.0 GNU GnuTLS 2.6.6 GNU GnuTLS 2.6.5 GNU GnuTLS 2.6.4 GNU GnuTLS 2.6.3 GNU GnuTLS 2.6.2 GNU GnuTLS 2.6.1 GNU GnuTLS 2.6.0 GNU GnuTLS 2.5.0 GNU GnuTLS 2.4.2 GNU GnuTLS 2.4.1 GNU GnuTLS 2.4.0 GNU GnuTLS 2.3.11 GNU GnuTLS 2.3.10 GNU GnuTLS 2.3.9 GNU GnuTLS 2.3.8 GNU GnuTLS 2.3.7 GNU GnuTLS 2.3.6 GNU GnuTLS 2.3.5 GNU GnuTLS 2.3.4 GNU GnuTLS 2.3.3 GNU GnuTLS 2.3.2 GNU GnuTLS 2.3.1 GNU GnuTLS 2.3.0 GNU GnuTLS 2.2.5 GNU GnuTLS 2.2.4 GNU GnuTLS 2.2.3 GNU GnuTLS 2.2.2 GNU GnuTLS 2.2.1 GNU GnuTLS 2.2.0 GNU GnuTLS 2.1.8 GNU GnuTLS 2.1.7 GNU GnuTLS 2.1.6 GNU GnuTLS 2.1.5 GNU GnuTLS 2.1.4 GNU GnuTLS 2.1.3 GNU GnuTLS 2.1.2 GNU GnuTLS 2.1.1 GNU GnuTLS 2.1.0 GNU GnuTLS 2.0.4 GNU GnuTLS 2.0.3 GNU GnuTLS 2.0.2 GNU GnuTLS 2.0.1 GNU GnuTLS 2.0.0 GNU GnuTLS 1.7.19 GNU GnuTLS 1.7.18 GNU GnuTLS 1.7.17 GNU GnuTLS 1.7.16 GNU GnuTLS 1.7.15 GNU GnuTLS 1.7.14 GNU GnuTLS 1.7.13 GNU GnuTLS 1.7.12 GNU GnuTLS 1.7.11 GNU GnuTLS 1.7.10 GNU GnuTLS 1.7.9 GNU GnuTLS 1.7.8 GNU GnuTLS 1.7.7 GNU GnuTLS 1.7.6 GNU GnuTLS 1.7.5 GNU GnuTLS 1.7.4 GNU GnuTLS 1.7.3 GNU GnuTLS 1.7.2 GNU GnuTLS 1.7.1 GNU GnuTLS 1.7.0 GNU GnuTLS 1.6.3 GNU GnuTLS 1.6.2 GNU GnuTLS 1.6.1 GNU GnuTLS 1.6.0 GNU GnuTLS 1.5.5 GNU GnuTLS 1.5.4 GNU GnuTLS 1.5.3 GNU GnuTLS 1.5.2 GNU GnuTLS 1.5.1 GNU GnuTLS 1.5.0 GNU GnuTLS 1.4.5 GNU GnuTLS 1.4.4 GNU GnuTLS 1.4.3 GNU GnuTLS 1.4.2 GNU GnuTLS 1.4.1 GNU GnuTLS 1.4.0 GNU GnuTLS 1.3.5 GNU GnuTLS 1.3.4 GNU GnuTLS 1.3.3 GNU GnuTLS 1.3.2 GNU GnuTLS 1.3.1 GNU GnuTLS 1.3.0 GNU GnuTLS 1.2.11 GNU GnuTLS 1.2.10 GNU GnuTLS 1.2.9 GNU GnuTLS 1.2.8.1a1 GNU GnuTLS 1.2.8 GNU GnuTLS 1.2.7 GNU GnuTLS 1.2.6 GNU GnuTLS 1.2.5 GNU GnuTLS 1.2.4 GNU GnuTLS 1.2.3 GNU GnuTLS 1.2.2 GNU GnuTLS 1.2.1 GNU GnuTLS 1.2.0 GNU GnuTLS 1.1.23 GNU GnuTLS 1.1.22 GNU GnuTLS 1.1.21 GNU GnuTLS 1.1.20 GNU GnuTLS 1.1.19 GNU GnuTLS 1.1.18 GNU GnuTLS 1.1.17 GNU GnuTLS 1.1.16 GNU GnuTLS 1.1.15 GNU GnuTLS 1.1.14 GNU GnuTLS 1.1.13 GNU GnuTLS 1.0.25 GNU GnuTLS 1.0.24 GNU GnuTLS 1.0.23 GNU GnuTLS 1.0.22 GNU GnuTLS 1.0.21 GNU GnuTLS 1.0.20 GNU GnuTLS 1.0.19 GNU GnuTLS 1.0.18 GNU GnuTLS 1.0.17 GNU GnuTLS 1.0.16 GNU GnuTLS 2.8.1