Tag

Rustls-Webpki

1 brief RSS

rustls-webpki Denial-of-Service Vulnerability via Malformed CRL BIT STRING

A denial-of-service vulnerability exists in rustls-webpki versions prior to 0.103.13 and between 0.104.0-alpha.1 and 0.104.0-alpha.7 due to a panic in `bit_string_flags()` when processing a malformed CRL BIT STRING, triggered when CRL checking is enabled and an attacker provides a crafted CRL.

rustls-webpki denial-of-service crl

2r 1t Jan 9, 2024