RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #62

github-actions · 2023-09-30T00:30:50Z

webpki: CPU denial of service in certificate path building

Details
Package	`webpki`
Version	`0.21.4`
Date	2023-08-22
Patched versions	`>=0.22.1`

When this crate is given a pathological certificate chain to validate, it will
spend CPU time exponential with the number of candidate certificates at each
step of path building.

Both TLS clients and TLS servers that accept client certificate are affected.

This was previously reported in
<briansmith/webpki#69> and re-reported recently
by Luke Malinowski.

See advisory page for additional details.

The text was updated successfully, but these errors were encountered:

github-actions · 2023-10-30T00:31:14Z

There hasn't been any activity on this issue recently, and in order to prioritize active issues, it will be marked as stale.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a 👍
Because this issue is marked as stale, it will be closed and locked in 7 days if no further activity occurs.
Thank you for your contributions!

github-actions bot added the stale label Oct 30, 2023

antiyro closed this as completed Dec 3, 2023

github-actions bot locked and limited conversation to collaborators Jan 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #62

RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #62

github-actions bot commented Sep 30, 2023

github-actions bot commented Oct 30, 2023

RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #62

RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #62

Comments

github-actions bot commented Sep 30, 2023

github-actions bot commented Oct 30, 2023