Lucene search
GoogleOSV:GHSA-JQQR-C2R2-9CVRHistoryAug 25, 2021 - 8:42 p.m.
Improper Certificate Validation in security-framework
2021-08-2520:42:59
Google
osv.dev
9
certificate
validation
security-framework
custom
root
hostname
EPSS
0.001
Percentile
35.9%
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check.
Related
osv
osv
Hostname verification skipped when custom root certs used
2017-03-15 12:00:00
CVE-2017-18588
2019-08-26 18:15:11
debiancve
debiancve
CVE-2017-18588
2019-08-26 18:15:11
github
github
Improper Certificate Validation in security-framework
2021-08-25 20:42:59
ubuntucve
ubuntucve
CVE-2017-18588
2019-08-26 00:00:00
prion
prion
Design/Logic Flaw
2019-08-26 18:15:00
rustsec
rustsec
Hostname verification skipped when custom root certs used
2017-03-15 12:00:00
cvelist
cvelist
CVE-2017-18588
2019-08-26 17:18:39
nvd
nvd
CVE-2017-18588
2019-08-26 18:15:11
cve
cve
CVE-2017-18588
2019-08-26 18:15:11