Impact
A flaw in GnuTLS allows an oversized Subject Alternative Name to cause the validation process to fall back to field. This leads to a bypass of certificate validation, permitting an attacker to spoof a legitimate server or perform a man‑in‑the‑middle attack.
Affected Systems
Red Hat Enterprise Linux 6 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 are affected as the GnuTLS library bundled with these distributions contains the flaw. No explicit version ranges are disclosed in the advisory.
Risk and Exploitability
The vulnerability receives a CVSS score of 8.2, indicating high severity, while the EPSS score of 0.00354 shows a very low but nonzero probability of exploitation. It is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote: an attacker supplies a certificate with an oversized SAN, causing GnuTLS to ignore the SAN and incorrectly use the CN for validation. The flaw is classified as CWE-1284 and CWE-295, both describing weaknesses in certificate validation logic, and if exploited the attacker can impersonate a trusted server or intercept encrypted traffic.
OpenCVE Enrichment
Debian DLA
Debian DSA
Ubuntu USN