Описание
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra-legacy/xenial | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/xenial | ignored | end of ESM support, was needs-triage |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps-legacy/xenial | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | ignored | end of ESM support, was needs-triage |
| esm-infra/focal | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | needs-triage | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps-legacy/xenial | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/xenial | ignored | end of ESM support, was needs-triage |
| jammy | needs-triage | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/resolute | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| questing | needs-triage | |
| resolute | needs-triage | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| questing | needs-triage | |
| resolute | needs-triage | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | needs-triage | |
| resolute | needs-triage | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/xenial | needs-triage | |
| esm-infra/xenial | ignored | end of ESM support, was needs-triage |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
8.2 High
CVSS3
Связанные уязвимости
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
When verifying a certificate chain containing excluded DNS constraints ...
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
EPSS
8.2 High
CVSS3