11 matches found
BIT-ENVOY-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
SUSE CVE-2022-21656
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
Envoy Trust Management Issue Vulnerability (CNVD-2022-16290)
Envoy is an open source distributed proxy server. Envoy has a trust management issue vulnerability that stems from a type confusion error in the defaultvalidator.cc implementation used to implement the default certificate validation routines when handling subjectAltNames. No details of the...
CVE-2022-21656
A flaw was found in envoy. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames...
Type confusion
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
CVE-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
USN-2315-1: serf vulnerability
Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...
openSUSE Security Update : jakarta-commons-httpclient3 (openSUSE-SU-2013:0623-1)
jakarta-commons-httpclient3 was updated to enhance the fix of bnc803332 / CVE-2012-5783: also add a check for subjectAltNames in certificates. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
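PHP SSL Module "subjectAltNames" Null Byte Handling Security Bypass Vulnerability
Bugtraq ID: 61776. PHP is an HTML-embedded scripting language. The PHP SSL module does not correctly handle null bytes in the "subjectAltNames" general names of a server's SSL certificate, which allows attackers to exploit the vulnerability to carry out man-in-the-middle attacks and obtain sensitive information. PHP 5.3.27, PHP 5.4.17, PHP 5.5.1. Vendor solution: users can refer to the following vendor-provided security patch to fix this vulnerability: http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755...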
Mandriva Linux Security Advisory : python (MDVSA-2013:214)
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...
Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...