26 matches found

OSV
added 2026/04/10 8:18 p.m.

GHSA-9QQ8-CGCV-QMC9 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary: An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device attestation. Details: When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

CVSS 3.7 | AI score 5.9 | EPSS 0.00052
Exploits 0 | References 6
Vulnrichment
added 2026/04/10 4:34 p.m.

CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

CVSS 3.7 | AI score 5.9 | EPSS 0.00052
Exploits 0 | References 4
FreeBSD
added 2025/11/25 12:00 a.m.

MongoDB Server -- Improper Certificate Validation

https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage but is missing...

CVSS 5.4 | AI score 6.5 | EPSS 0.00023
Exploits 0 | References 1
Vulnrichment
added 2023/08/09 3:33 p.m.

CVE-2023-40012 uthenticode EKU validation bypass

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

CVSS 5.9 | AI score 7 | EPSS 0.00053
Exploits 0 | References 3
Cvelist
added 2023/08/09 3:33 p.m.

CVE-2023-40012 uthenticode EKU validation bypass

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

CVSS 5.9 | AI score 7.8 | EPSS 0.00053
Exploits 0 | References 3
OSV
added 2022/02/17 5:46 p.m.

GO-2021-0223 Certificate verification error on Windows in crypto/x509

On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in VerifyOptions.KeyUsages. This may allow a certificate to be used for an unintended purpose...

CVSS 5.3 | AI score 5.4 | EPSS 0.00431
Exploits 0 | References 4
OSV
added 2022/01/04 6:11 p.m.

GO-2021-0140

X.509 certificate verification does not validate the KeyUsages (EKU) requirements on Windows if VerifyOptions.Roots is nil...

AI score 3
Exploits 0 | References 4
Tenable Nessus
added 2021/05/12 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : shim (SUSE-SU-2021:1564-1)

This update for shim fixes the following issues: Update to the unified shim binary for SBAT support (bsc1182057) + Merged EKU codesign check (bsc1177315); shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc1185464). Note that Tenable Network Security has extracted the...

AI score 5.5
Exploits 0 | References 4
OSV
added 2021/05/11 11:30 a.m.

SUSE-SU-2021:1564-1 Security update for shim

This update for shim fixes the following issues: - Update to the unified shim binary for SBAT support (bsc1182057) + Merged EKU codesign check (bsc1177315) - shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc1185464)...

AI score 7.3
Exploits 0 | References 4
Prion
added 2020/07/17 4:15 p.m.

Design/Logic Flaw

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements if VerifyOptions.Roots equals nil and the installation is on Windows. Thus, X.509 certificate verification is incomplete...

CVSS 5 | AI score 5.4 | EPSS 0.00431
Exploits 0 | References 8 | Affected software 2
Cvelist
added 2020/07/17 3:43 p.m.

CVE-2020-14039

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements if VerifyOptions.Roots equals nil and the installation is on Windows. Thus, X.509 certificate verification is incomplete...

AI score 6.2 | EPSS 0.00431
Exploits 0 | References 8
Veracode
added 2018/06/01 10:25 a.m.

Authentication Bypass

libkrb5.so is vulnerable to authentication bypasses. A malicious user can pass a forged Kerberos certificate with the right EKU when no SANs are used, as no relationship is established between a user and the certificate...

CVSS 6.5 | AI score 6.6 | EPSS 0.00455
Exploits 0 | References 10 | Affected software 1
Tenable Nessus
added 2018/04/11 12:00 a.m.

RHEL 7 : krb5 (RHSA-2018:0666)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0666 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...

CVSS 6.5 | AI score 7.1 | EPSS 0.00681
Exploits 0 | References 12
Microsoft KB
added 2018/01/20 12:00 a.m.

Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 (KB 4055265)

Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 (KB 4055265). Notice: This update has been released as part of the January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7...

CVSS 7.5 | AI score 8.3 | EPSS 0.34677
Exploits 0
Microsoft KB
added 2018/01/20 12:00 a.m.

Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 (KB 4055270)

Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 (KB 4055270). Important: If you have not been offered this security update, you may be running incompatible antivirus software, and...

CVSS 7.5 | AI score 8.3 | EPSS 0.34677
Exploits 0
Microsoft KB
added 2018/01/09 8:00 a.m.

Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2012 (KB 4054994)

Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2012 (KB 4054994). Summary: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core...

CVSS 7.5 | AI score 8.1 | EPSS 0.34677
Exploits 0
Microsoft KB
added 2018/01/09 8:00 a.m.

Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880)

Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880). Notice: On January 18, 2018, update 4074880 was released to replace update 4055002 for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Window...

CVSS 7.5 | AI score 8.1 | EPSS 0.34677
Exploits 0
Microsoft KB
added 2018/01/09 8:00 a.m.

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054181)

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054181). Summary: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and...

CVSS 7.5 | AI score 8.1 | EPSS 0.34677
Exploits 0
Microsoft KB
added 2018/01/09 8:00 a.m.

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002)

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002). Notice: As of January 18, 2018, update 4055002 applies only to Windows Server 2008 SP2. For more information about the January 2018 Security and Quality Rollup for .NET Framework 4.6, 4.6.1,...

CVSS 7.5 | AI score 8 | EPSS 0.34677
Exploits 0
Microsoft KB
added 2018/01/09 8:00 a.m.

Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4055000)

Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4055000). Summary: This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET...

CVSS 7.5 | AI score 8 | EPSS 0.34677
Exploits 0