CVE-2018-16253
CVE-2018-16253 describes a flaw in axTLS 2.1.3 and earlier where PKCS#1 v1.5 signature verification in sig_verify() of x509.c does not properly verify ASN.1 metadata, enabling a remote attacker to forge signatures under small public exponents and impersonate via fake X.509 certificates. The issue...