[gnutls-devel] libtasn1 | Parsing a certificate containing numerous names or name constraints leads to a DoS attack (#52)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 7 10:51:15 CET 2025
Andreas Stieger commented: https://gitlab.com/gnutls/libtasn1/-/issues/52#note_2336406135
I believe you could argue for both: `AC:L` because it seems straightforward to generate such a certificate. But also `AC:H` as you would need to get the application to process it. So the adversary would need to control one party (or be MITM), or the client needs to connect to peers based on the adversary's input, or the client routinely connects to new peers, some of which turn out to present specially crafted certificates. What do you think?