[SECURITY] Fedora 42 Update: nss-3.122.1-1.fc42

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI

As the quantum computing era approaches, securing classical cryptographic protocols becomes imperative. Public key cryptography is widely used for signature and key exchange but it is the type of cryptography more threatened by quantum computing. Its application typically requires support via a...

Uncaught Exception

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well...

X.400 address type confusion in X.509 GeneralName

...

Huawei USG9500 Denial of Service Vulnerability (CNVD-2020-00217)

Huawei USG9500 is a data center firewall product from Huawei, China. A denial of service vulnerability exists in the implementation of X.509 in Huawei USG9500 V500R001C30 and V500R001C60 versions. An attacker could exploit this vulnerability to cause a denial of service...

OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)

A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP addres...

OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly...

sendmail: incorrect verification of SSL certificate with NUL in name

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name CN field of an X.509 certificate, which 1 allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and 2 allows...