31 matches found

CVE
added 2026/06/09 11:50 p.m., 48 views

CVE-2026-47838

Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...

CVSS 8.1 | AI score 5.5 | EPSS 0.00116
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/04/22 5:8 a.m., 33 views

CVE-2026-22747

Summary: CVE-2026-22747 affects Spring Security 7.0.0–7.0.4. The issue is in SubjectX500PrincipalExtractor’s handling of certain malformed X.509 certificate CN values, which can cause the system to read the wrong username value and potentially allow attacker impersonation of another user. The co...

CVSS 8.1 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/04/22 5:8 a.m., 30 views

CVE-2026-22747 Unauthorized User Impersonation when Using X.509 Client Certificates

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

CVSS 6.8 | EPSS 0.00227
Exploits 0 | References 1

OpenVAS
added 2026/04/01 12:0 a.m., 10 views

Ubuntu: Security Advisory (USN-8134-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.9 | EPSS 0.0058
Exploits 1 | References 2

Tenable Nessus
added 2026/03/31 12:0 a.m., 0 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : pyasn1 vulnerabilities (USN-8134-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8134-1 advisory. It was discovered that pyasn1 could exhaust system resources when attempting to decode a malformed certificate. An...

CVSS 7.5 | AI score 7 | EPSS 0.0058
Exploits 1 | References 3

Ubuntu
added 2026/03/30 7:57 p.m., 5 views

USN-8134-1: pyasn1 vulnerabilities

It was discovered that pyasn1 could exhaust system resources when attempting to decode a malformed certificate. An attacker could possibly use this to cause a denial of service. CVE-2026-23490 Kevin Tu discovered that pyasn1 could exhaust system resources via uncontrolled recursion when attemptin...

CVSS 7.5 | AI score 5.9 | EPSS 0.0058
Exploits 1

OSV
added 2026/03/30 7:57 p.m., 8 views

USN-8134-1 pyasn1 vulnerabilities

It was discovered that pyasn1 could exhaust system resources when attempting to decode a malformed certificate. An attacker could possibly use this to cause a denial of service. CVE-2026-23490 Kevin Tu discovered that pyasn1 could exhaust system resources via uncontrolled recursion when attemptin...

CVSS 7.5 | AI score 7.3 | EPSS 0.0058
Exploits 1 | References 3

Microsoft CVE
added 2026/03/11 8:3 a.m., 2 views

Panic in name constraint checking for malformed certificates in crypto/x509

...

CVSS 5.9 | AI score 5.8 | EPSS 0.0035
Exploits 0

Oracle linux
added 2026/02/09 12:0 a.m., 4 views

keylime security update

7.12.1-16 - CVE-2026-1709: Registrar authentication bypass
7.12.1-15 - Registrar allows identity takeover via duplicate UUID registration
7.12.1-14 - Properly fix malformed TPM certificates workaround
7.12.1-13 - Avoid opening /dev/stdout when printing
7.12.1-12 - Fix malformed TPM certificates...

CVSS 9.4 | AI score 5.4 | EPSS 0.05805
Exploits 0

RedhatCVE
added 2026/01/07 9:49 a.m., 6 views

CVE-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...

CVSS 7.5 | AI score 6.6 | EPSS 0.01346
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-32037

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.01346
Exploits 0 | References 6

Microsoft CVE
added 2025/09/04 3:43 a.m., 4 views

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

...

CVSS 7.5 | AI score 7 | EPSS 0.01346
Exploits 0

NVD
added 2025/08/29 7:15 a.m., 1 views

CVE-2025-54777

An uncaught exception issue exists in multiple products in the bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature...

CVSS 5.3 | EPSS 0.00108
Exploits 0 | References 2

Veracode
added 2024/03/04 8:15 a.m., 19 views

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to Denial of Service (DoS). The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime. It allows an attacker to trigger excessive CPU consumption during the isPrime primality check...

CVSS 7.5 | AI score 6.9 | EPSS 0.00596
Exploits 0 | References 6 | Affected Software 1

Veracode
added 2024/03/03 3:11 p.m., 9 views

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to Denial of Service (DoS). The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime. It allows an attacker to trigger excessive CPU consumption during the isPrime primality check...

CVSS 7.5 | AI score 6.9 | EPSS 0.00596
Exploits 0 | References 5 | Affected Software 1

OSV
added 2024/01/11 3:44 p.m., 0 views

USN-6578-1 dotnet6, dotnet7, dotnet8 vulnerabilities

Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. CVE-2024-0057 Morgan Brown discovered that .NET did not properly handle...

CVSS 9.8 | AI score 6.8 | EPSS 0.02868
Exploits 0 | References 3

RedHat Linux
added 2024/01/10 3:44 p.m., 2 views

dotnet: X509 Certificates - Validation Bypass across Azure

A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggerin...

CVSS 9.8 | AI score 6 | EPSS 0.02778
Exploits 0 | References 5

RustSec
added 2023/08/22 12:0 p.m., 3 views

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in and...

CVSS 7.8 | AI score 6.8 | EPSS 0.06325
Exploits 0 | Affected Software 1

SUSE CVE
added 2023/02/15 3:26 a.m., 2 views

SUSE CVE-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...

CVSS 5.9 | AI score 8.5 | EPSS 0.01346
Exploits 0 | References 5

Tenable Nessus
added 2022/04/27 12:0 a.m., 34 views

SUSE SLED15 / SLES15 Security Update : go1.18 (SUSE-SU-2022:1410-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1410-1 advisory. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of...

CVSS 7.5 | AI score 7.4 | EPSS 0.05292
Exploits 1 | References 12