CVE-2013-0243
TLS-lib haskell-tls-extra prior to 0.6.1 fails to enforce Basic Constraints in certificate validation, treating any cert as a CA. This enables MITM via forged certs. Remediation: upgrade to 0.6.1 or newer; affected versions include those before 0.6.1 per HSEC-2023-0005 and RH/NVD records.