CVE-2014-1959

EPSS 0.23%

gnutls26 - certificate verification flaw

Published: 3/7/2014Modified: 4/28/2026

Description

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.

Affected packages (2)

Debian/gnutls26from 0, < 2.12.20-8
Debian/gnutls28from 0, < 3.2.11-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-1959