Impact
The issue resides in the OCaml‑TLS client implementation before version 2.1.0. It fails to enforce certificate KeyUsage and ExtendedKeyUsage extensions when validating the server’s certificate. Consequently a malicious server may present a certificate that is technically valid but not intended for server authentication, leading the client to accept it as trustworthy and allowing the attacker to impersonate a legitimate server. This impersonation flaw can undermine the confidentiality and integrity of the data transmitted over TLS.
Affected Systems
This vulnerability affects the OCaml‑TLS library, specifically versions earlier than 2.1.0. The library is commonly used in OCaml applications that implement TLS communication. No vendor or product name is provided in the CNA data, so any project relying on a pre‑2.1.0 build of OCaml‑TLS is potentially susceptible.
Risk and Exploitability
The CVSS v3 score of 9.1 classifies it as critical, while the EPSS score indicates a very low but non‑zero likelihood of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalogue. The attack vector is likely remote: an attacker can trigger the flaw simply by connecting to a client that uses the vulnerable library and presenting a crafted certificate. No privilege escalation is required on the client side; the weakness lies only in insecure validation logic.
OpenCVE Enrichment