Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GnuTLS 证书验证安全绕过漏洞
Vulnerability Description
GnuTLS是比利时Nikos Mavrogiannopoulos和瑞典Simon Josefsson软件开发者共同研发的一个免费的用于实现SSL、TLS和DTLS协议的安全通信库。 GnuTLS 3.2.11及之前版本和3.1.21及之前版本中的lib/x509/verify.c文件存在安全漏洞,该漏洞源于程序验证SSL服务器端的X.509证书时,没有正确处理错误。攻击者可通过创建特制的证书利用该漏洞实施中间人攻击欺骗服务器。
CVSS Information
N/A
Vulnerability Type
N/A