A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
3.7.1-5ubuntu13.7.2-2ubuntu13.7.2-4ubuntu13.7.2-5ubuntu13.7.3-4ubuntu13.7.3-4ubuntu1.13.7.3-4ubuntu1.23.7.3-4ubuntu1.33.7.3-4ubuntu1.43.7.3-4ubuntu1.5+3 more3.8.1-4ubuntu13.8.1-4ubuntu63.8.1-4ubuntu73.8.3-1.1ubuntu23.8.3-1.1ubuntu33.8.3-1.1ubuntu3.13.8.3-1.1ubuntu3.23.8.3-1.1ubuntu3.33.8.3-1.1ubuntu3.43.8.3-1.1ubuntu3.5+1 more3.8.9-2ubuntu33.8.9-3ubuntu13.8.9-3ubuntu23.8.9-3ubuntu2.13.8.10-3ubuntu13.8.12-2ubuntu13.8.9-3ubuntu23.3.15-5ubuntu23.3.18-1ubuntu13.3.20-1ubuntu13.4.10-4ubuntu13.4.10-4ubuntu1.13.4.10-4ubuntu1.23.4.10-4ubuntu1.33.4.10-4ubuntu1.43.4.10-4ubuntu1.53.4.10-4ubuntu1.6+6 more3.5.17-1ubuntu13.5.17-1ubuntu33.5.18-1ubuntu13.5.18-1ubuntu1.13.5.18-1ubuntu1.23.5.18-1ubuntu1.33.5.18-1ubuntu1.43.5.18-1ubuntu1.53.5.18-1ubuntu1.63.5.18-1ubuntu1.6+esm1+2 more3.6.10-53.6.11.1-23.6.11.1-2ubuntu23.6.13-2ubuntu13.6.13-2ubuntu1.13.6.13-2ubuntu1.103.6.13-2ubuntu1.113.6.13-2ubuntu1.123.6.13-2ubuntu1.12+esm13.6.13-2ubuntu1.2+7 more3.7.3-4ubuntu1.2+Fips1.13.7.3-4ubuntu1.2+Fips1.13.7.3-4ubuntu1.3+Fips1.13.7.3-4ubuntu1.4+Fips13.7.3-4ubuntu1.5+Fips13.7.3-4ubuntu1.6+Fips13.7.3-4ubuntu1.7+Fips13.7.3-4ubuntu1.7+Fips1.13.7.3-4ubuntu1.8+Fips1.13.8.3-1.1ubuntu3.1+Fips13.8.3-1.1ubuntu3.4+Fips13.8.3-1.1ubuntu3.4+Fips1.13.8.3-1.1ubuntu3.5+Fips1.1Exploitability
AV:NAC:HPR:NUI:NScope
S:UImpact
C:HI:HA:NCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N