Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #652

Open
github-actions bot opened this issue Aug 23, 2023 · 2 comments
Open

RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building #652

github-actions bot opened this issue Aug 23, 2023 · 2 comments

Comments

@github-actions
Copy link
Contributor

webpki: CPU denial of service in certificate path building

Details
Package webpki
Version 0.21.4
Date 2023-08-22

When this crate is given a pathological certificate chain to validate, it will
spend CPU time exponential with the number of candidate certificates at each
step of path building.

Both TLS clients and TLS servers that accept client certificate are affected.

This was previously reported in
<briansmith/webpki#69> and re-reported recently
by Luke Malinowski.

rustls-webpki is a fork of this crate which contains a fix for this issue
and is actively maintained.

See advisory page for additional details.
@kate-goldenring kate-goldenring moved this to Investigating in Akri Roadmap Oct 3, 2023
@github-actions GitHub Actions
Copy link
Contributor Author

Issue has been automatically marked as stale due to inactivity for 90 days. Update the issue to remove label, otherwise it will be automatically closed.

@github-actions github-actions bot added the stale label Nov 22, 2023
@diconico07 diconico07 removed the stale label Nov 27, 2023
@github-actions GitHub Actions
Copy link
Contributor Author

Issue has been automatically marked as stale due to inactivity for 90 days. Update the issue to remove label, otherwise it will be automatically closed.

@github-actions github-actions bot added the stale label Feb 26, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale May 26, 2024
@github-project-automation github-project-automation bot moved this from Investigating to Done in Akri Roadmap May 26, 2024
@diconico07 diconico07 reopened this May 27, 2024
@github-project-automation github-project-automation bot moved this from Done to Triage needed in Akri Roadmap May 27, 2024
@diconico07 diconico07 removed the stale label May 27, 2024
@yujinkim-msft yujinkim-msft moved this from Triage needed to Backlog in Akri Roadmap Jun 4, 2024
@yujinkim-msft yujinkim-msft moved this from Backlog to Investigating in Akri Roadmap Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Akri Roadmap
Status: Investigating
Milestone
No milestone
Development

No branches or pull requests
1 participant
@diconico07