CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

CVE-2026-42789

The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...

CVE-2026-31430

CVE-2026-31430 affects the Linux kernel: X.509 extensions parsing could read the first byte of an extension before checking length, causing out-of-bounds access. The vulnerability can be triggered by an unprivileged user submitting a crafted certificate via the keyrings(7) API. A PoC exists. The ...

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

Buffer Overflow

Fort is vulnerable to Buffer Overflow. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into...

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

UBUNTU-CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

PT-2024-9114

Name of the Vulnerable Software and Affected Versions: Fort versions prior to 1.6.3 Description: The issue is related to a buffer overflow in the stack due to improper sanitization of the length of a Key Usage extension in a resource certificate served by a malicious RPKI repository. This can all...

Oracle Linux 7 : pki-core (ELSA-2018-1979)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1979 advisory. - Bugzilla Bug 1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access rhel-7.5.z ftweedal, c...

CVE-2014-2903

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake...

CVE-2010-0525

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...

CVE-2010-0525

CVE-2010-0525 affects Apple Mac OS X prior to 10.6.3. Mail may select an encryption key from a keychain with multiple recipient certificates without proper key-usage validation, enabling possible information disclosure via brute-force on a weakly encrypted e‑mail. Root cause: inadequate enforceme...