12 matches found
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
CLEANSTART-2026-IM73098 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-TF52804 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
Medium: runfinch-finch
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Medium: cni-plugins
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: nerdctl
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: oci-add-hooks
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-088 (ALASDOCKER-2025-088)
The version of runc installed on the remote host is prior to 1.3.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-088 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...
Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-081 (ALASNITRO-ENCLAVES-2025-081)
The version of runc installed on the remote host is prior to 1.3.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-081 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...
OESA-2025-2867 golang security update
. Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...
TencentOS Server 4: golang (TSSA-2025:0958)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0958 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
GO-2025-4224 OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs in github.com/opentofu/opentofu
OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs in github.com/opentofu/opentofu...