13 matches found
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
BIT-GOLANG-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
SUSE CVE-2026-32281
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
CVE-2026-32281
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
DEBIAN-CVE-2026-32281
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
CVE-2026-32281 Inefficient policy validation in crypto/x509
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
CVE-2026-32281
CVE-2026-32281 : In Go, policy validation for X.509 certificate chains can be inefficient when many policy mappings are present, potentially enabling a denial-of-service on validation of otherwise trusted chains. The OpenSUSE advisories note fixes in Go updates: go1.25.9 and go1.26.2, with SUSE p...
CVE-2026-33810
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
GO-2026-4946 Inefficient policy validation in crypto/x509
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...
PT-2026-31068
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description When verifying a certificate chain with excluded DNS constraints, these constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs that differ in case. This impacts the validation of...
PT-2026-31062
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description Validating certificate chains using policies can be unexpectedly inefficient when certificates in the chain contain a large number of policy mappings, potentially leading to denial of service. This impacts the...