Описание
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cyassl | removed | package | ||
| wolfssl | fixed | 3.4.8+dfsg-1 | package |
Примечания
wolfssl actually fixed with the initial upload to unstable after the rename
according to maintainer addressed in 3.2.0 upstream
Связанные уязвимости
CVSS3: 5.9
nvd
больше 8 лет назад
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
CVSS3: 5.9
github
больше 3 лет назад
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.