GHSA-965h-392x-2mh5

ADVISORY - github

Summary

Name constraints for URI names were ignored and therefore accepted.

Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. URI name constraints are now rejected unconditionally.

Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

RustSec

CREATED

3 days ago

UPDATED

2 days ago

ADVISORY IDRUSTSEC-2026-0098⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
rustls-webpki	cargo	-	-	<0.103.12	0.103.12
rustls-webpki	cargo	-	-	>=0.104.0-alpha.1,<0.104.0-alpha.6	0.104.0-alpha.6

Severity and metrics

No CVSS data available from this advisory.

GitHub

CREATED

13 hours ago

UPDATED

13 hours ago

ADVISORY IDGHSA-965h-392x-2mh5⁠

EXPLOITABILITY SCORE

0.7

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

2.2low