Lucene search
K

10 matches found

CVE
CVE
added 2026/06/25 7:30 p.m.15 views

CVE-2026-55964

CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 7:30 p.m.34 views

CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:46 p.m.7 views

EUVD-2026-39486

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6CVSS5.9AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52573

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...

6.3CVSS5.8AI score0.00118EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/08/25 12:12 a.m.26 views

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in...

6.8AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/22 6:6 p.m.23 views

rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

6.8AI score
Exploits0References5Affected Software1
RustSec
RustSec
added 2023/08/22 12:0 p.m.5 views

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in and...

7.8CVSS6.8AI score0.06325EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2023/08/22 12:0 p.m.4 views

rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.8CVSS7AI score0.06325EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/08/22 12:0 p.m.63 views

RUSTSEC-2023-0053 rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.5CVSS7.7AI score0.06325EPSS
Exploits0References2
OSV
OSV
added 2023/08/22 12:0 p.m.36 views

RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in and...

7.5CVSS7.6AI score0.06325EPSS
Exploits0References2
Rows per page
Query Builder