Impact
The crypton-x509-validation library, part of the Haskell crypton-certificate toolkit, fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who controls a name‑constrained subordinate CA to sign certificates for domains beyond their intended scope, facilitating domain impersonation and potential credential theft or man‑in‑the‑middle attacks.
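The check whose absence is described above, as an added Python example (not code from crypton-x509-validation or from the advisory): it applies the dNSName subtree matching of RFC 5280, section 4.2.1.10, to a leaf certificate's Subject Alternative Names. The function names, the CA label and the hostnames are constructed for illustration, and only dNSName constraints are handled.

```python
# Added example: dNSName name-constraint check following RFC 5280, section 4.2.1.10.
# Function names, the CA label and all hostnames are constructed for illustration.

def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_subtree(san, constraint):
    """True if `san` equals `constraint` or only adds labels on its left-hand side."""
    s, c = _labels(san), _labels(constraint)
    return len(s) >= len(c) and s[len(s) - len(c):] == c

def dns_name_allowed(san, permitted, excluded):
    """Apply one CA's dNSName constraints to one SAN entry."""
    if any(in_subtree(san, e) for e in excluded):
        return False  # an excluded subtree always wins
    if permitted and not any(in_subtree(san, p) for p in permitted):
        return False  # a permitted list exists and nothing in it matches
    return True

def violations(sans, chain_constraints):
    """Return (san, ca) pairs rejected by any constrained CA in the chain."""
    bad = []
    for ca, (permitted, excluded) in chain_constraints.items():
        for san in sans:
            if not dns_name_allowed(san, permitted, excluded):
                bad.append((san, ca))
    return bad

# Constructed sample: a subordinate CA limited to example.com, minus one subtree.
CHAIN = {"Constructed Sub CA": (["example.com"], ["internal.example.com"])}
LEAF_SANS = ["www.example.com", "badexample.com",
             "db.internal.example.com", "other.test"]

if __name__ == "__main__":
    for san, ca in violations(LEAF_SANS, CHAIN):
        print(f"reject: {san} is outside the constraints of {ca}")
```

Matching is done per label, so `badexample.com` does not satisfy a constraint of `example.com` even though it shares the string suffix.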
Affected Systems
Systems that use the crypton-x509-validation library for TLS certificate validation, particularly those built in Haskell and incorporating the crypton-certificate package, are impacted. The vulnerability applies to versions of crypton-x509-validation that have not integrated the patch referenced in the official advisory, including early releases prior to any applied fixes.
Risk and Exploitability
With a CVSS score of 9.1, the flaw is considered critical. No EPSS score is available and the flaw has no KEV listing, but neither fact diminishes its inherent danger, because exploitation is straightforward for an attacker who controls a constrained CA. Likely attack vectors involve supplying a malicious certificate to a TLS client that relies solely on crypton-x509-validation for validation, which enables domain spoofing because the CA's name constraints are never applied.