CVE-2004-2531
First published: Fri Dec 31 2004(Updated: )
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GnuTLS | =1.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2531?
CVE-2004-2531 is considered a high severity vulnerability due to its potential to cause denial of service by exhausting CPU resources.
How do I fix CVE-2004-2531?
To fix CVE-2004-2531, upgrade GnuTLS to a version later than 1.0.16 that has addressed this vulnerability.
What impact does CVE-2004-2531 have on my system?
CVE-2004-2531 can lead to significant performance issues as the system may become unresponsive due to excessive CPU consumption caused by processing specific certificates.
Which versions of GnuTLS are affected by CVE-2004-2531?
CVE-2004-2531 specifically affects GnuTLS version 1.0.16.
Is there a workaround for CVE-2004-2531 if I cannot upgrade GnuTLS?
No reliable workaround exists for CVE-2004-2531 other than upgrading to a patched version of GnuTLS.
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gnu
- canonical/gnutls
- version/gnutls/1.0.16