CLEANSTART-2026-CT39828 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the chartmuseum-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

Linux Distros Unpatched Vulnerability : CVE-2022-3786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...

Siemens SCALANCE OpenSSL Out-of-bounds Read (CVE-2022-4203)

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

ALPINE-CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

Vulnerability in OpenSSL - X.509 Name Constraints Read Buffer Overflow

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

Tenable Nessus 10.4.x < 10.4.1 Multiple Vulnerabilities (TNS-2022-24)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.4.x prior to 10.4.1. It is, therefore, affected by multiple vulnerabilities, including: - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint...

FreeBSD : OpenSSL -- Buffer overflows in Email verification (0844671c-5a09-11ed-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0844671c-5a09-11ed-856e-d4c9ef517024 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name...

GHSA-8RWR-X37P-MX23 X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

RUSTSEC-2022-0065 X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

Vulnerability in OpenSSL - X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

CVE-2022-3786

OpenSSL CVE-2022-3602 and CVE-2022-3786 describe buffer overflows in X.509 name-constraint processing triggered by crafted email addresses in certificates, potentially crashing the TLS client/server and, in some scenarios, enabling remote code execution. Documents confirm the issues affect OpenSS...

OpenSSL 3.0.0 < 3.0.7 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.7 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs...