CVE-2015-0294

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

References

http://www.debian.org/security/2015/dsa-3191

https://bugzilla.redhat.com/show_bug.cgi?id=1196323

https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff

Details

Source: MITRE

Published: 2020-01-27

Updated: 2020-01-31

Type: CWE-295

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
123838F5 Networks BIG-IP : GnuTLS vulnerability (K54022413)NessusF5 Networks Local Security Checks
high
85230Amazon Linux AMI : gnutls (ALAS-2015-575)NessusAmazon Linux Local Security Checks
high
85193Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20150722)NessusScientific Linux Local Security Checks
high
85142OracleVM 3.3 : gnutls (OVMSA-2015-0101)NessusOracleVM Local Security Checks
high
85109Oracle Linux 6 : gnutls (ELSA-2015-1457)NessusOracle Linux Local Security Checks
high
85023CentOS 6 : gnutls (CESA-2015:1457)NessusCentOS Local Security Checks
high
84949RHEL 6 : gnutls (RHSA-2015:1457)NessusRed Hat Local Security Checks
high
83715SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2015:0735-1)NessusSuSE Local Security Checks
high
82639SuSE 11.3 Security Update : GnuTLS (SAT Patch Number 10536)NessusSuSE Local Security Checks
medium
82460openSUSE Security Update : gnutls (openSUSE-2015-269)NessusSuSE Local Security Checks
high
82166Debian DLA-180-1 : gnutls26 security updateNessusDebian Local Security Checks
high
82024Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : gnutls26, gnutls28 vulnerabilities (USN-2540-1)NessusUbuntu Local Security Checks
high
81835Debian DSA-3191-1 : gnutls26 - security updateNessusDebian Local Security Checks
high