Security Advisories

GHSA-8qv2-5vq6-g2g7

Published

Last updated

https://github.com/advisories/GHSA-8qv2-5vq6-g2g7

Severity

7.5

High

CVSS V3

Summary

webpki: CPU denial of service in certificate path building

Description

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential in the number of candidate certificates at each step of path building.

Both TLS clients and TLS servers that accept client certificates are affected.

This was previously reported in https://github.com/briansmith/webpki/issues/69.

rustls-webpki is a fork of this crate which contains a fix for this issue and is actively maintained.
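
The growth described above can be reproduced in a toy model of backtracking path building. This Rust code is an added example, not code from webpki or rustls-webpki: `Cert`, `Builder`, `pathological` and `run` are hypothetical names, each candidate tried stands in for one signature check, and the work budget is shown as one general way to bound the search, not as the fork's actual fix.

```rust
// Toy model of certificate path building (constructed; not webpki's code).
// A "certificate" is just a (subject, issuer) name pair.
#[derive(Clone, Copy)]
struct Cert { subject: u32, issuer: u32 }

#[derive(Debug, PartialEq)]
enum Outcome { Trusted, NoPath, BudgetExceeded }

struct Builder<'a> {
    pool: &'a [Cert],    // intermediates supplied by the peer
    anchors: &'a [u32],  // trusted root names
    checks: u64,         // simulated signature checks performed
    budget: Option<u64>, // None = unbounded search (assumed mitigation knob)
}

impl<'a> Builder<'a> {
    fn build(&mut self, cert: Cert, depth: u32) -> Outcome {
        if self.anchors.contains(&cert.issuer) { return Outcome::Trusted; }
        if depth == 0 { return Outcome::NoPath; }
        let pool = self.pool;
        for cand in pool.iter().filter(|c| c.subject == cert.issuer) {
            if self.budget.map_or(false, |b| self.checks >= b) { return Outcome::BudgetExceeded; }
            self.checks += 1;
            match self.build(*cand, depth - 1) {
                Outcome::NoPath => continue, // backtrack and try the next candidate
                other => return other,
            }
        }
        Outcome::NoPath
    }
}

// Constructed pool: `k` same-named candidates at each of `d` levels; the last
// level names an issuer (d + 1) that is not a trust anchor, so every path fails.
fn pathological(k: u32, d: u32) -> Vec<Cert> {
    (1..=d).flat_map(|lvl| (0..k).map(move |_| Cert { subject: lvl, issuer: lvl + 1 })).collect()
}

fn run(k: u32, d: u32, budget: Option<u64>) -> (Outcome, u64) {
    let pool = pathological(k, d);
    let mut b = Builder { pool: &pool, anchors: &[0], checks: 0, budget };
    let out = b.build(Cert { subject: 100, issuer: 1 }, d); // leaf chains to level 1
    (out, b.checks)
}

fn main() {
    for k in 1..=4 { println!("k={k} d=6 -> {:?}", run(k, 6, None)); }
    println!("budget=100 -> {:?}", run(4, 6, Some(100)));
}
```

With `d` levels and `k` candidates per level the unbounded search performs k + k² + … + k^d checks before rejecting the chain, while the budgeted run stops at a fixed cost regardless of the input.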

References

Affected packages

