3 matches found
CVE-2013-0243
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections...
CVE-2013-0243
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections...
CVE-2013-0243
TLS-lib haskell-tls-extra prior to 0.6.1 fails to enforce Basic Constraints in certificate validation, treating any cert as a CA. This enables MITM via forged certs. Remediation: upgrade to 0.6.1 or newer; affected versions include those before 0.6.1 per HSEC-2023-0005 and RH/NVD records.