CVE-2008-4989
CVSS 5.9 · MEDIUM
Summary
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
CVSS 3.1 breakdown
| Metric | Value |
|---|---|
| Base score | 5.9 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Attack vector | NETWORK |
| Attack complexity | HIGH |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | HIGH |
| Availability | NONE |
Weakness type (CWE)
Affected products
- GNU GnuTLS
- Fedora Project Fedora
- Canonical Ubuntu Linux
- Debian Debian Linux
- openSUSE openSUSE
- SUSE Linux Enterprise
- SUSE Linux Enterprise Server
References
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://secunia.com/advisories/32619
- http://secunia.com/advisories/32681
- http://secunia.com/advisories/32687
- http://secunia.com/advisories/32879
- http://secunia.com/advisories/33501
- http://secunia.com/advisories/33694
- http://secunia.com/advisories/35423
- http://security.gentoo.org/glsa/glsa-200901-10.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-260528-1
- http://wiki.rpath.com/Advisories:rPSA-2008-0322
- http://www.debian.org/security/2009/dsa-1719
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.