Unrated severityNVD Advisory· Published Apr 30, 2009· Updated Jun 16, 2026
CVE-2009-1417
CVE-2009-1417
Description
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
118cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*+ 116 more
- cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*range: <=2.6.5
- cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
- Range: <2.6.6
Patches
Vulnerability mechanics
References
9- article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517nvdPatch
- secunia.com/advisories/34842nvdVendor Advisory
- secunia.com/advisories/35211nvd
- security.gentoo.org/glsa/glsa-200905-04.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/34783nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2009/1218nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/50261nvd
News mentions
0No linked articles in our index yet.