[gnutls-devel] libtasn1 | Parsing a certificate containing numerous names or name constraints leads to a DoS attack (#52)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 7 10:58:15 CET 2025
Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/issues/52#note_2336419873
I suppose you picking AC:H results in a more appropriate resulting security base score overall, and now we even have some documented justification for using AC:H (which people may disagree with, but things are what they are), so +1 from me.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/52#note_2336419873
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250207/71fcdac0/attachment.html>
More information about the Gnutls-devel
mailing list