204e05404f
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
11 lines
700 B
Text
11 lines
700 B
Text
Security
|
|
* Fix a vulnerability in the verification of X.509 certificates when
|
|
matching the expected common name (the cn argument of
|
|
mbedtls_x509_crt_verify()) with the actual certificate name: when the
|
|
subjecAltName extension is present, the expected name was compared to any
|
|
name in that extension regardless of its type. This means that an
|
|
attacker could for example impersonate a 4-bytes or 16-byte domain by
|
|
getting a certificate for the corresponding IPv4 or IPv6 (this would
|
|
require the attacker to control that IP address, though). Similar attacks
|
|
using other subjectAltName name types might be possible. Found and
|
|
reported by kFYatek in #3498.
|