URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.
| Vendor | Product | Versions |
|---|---|---|
| wolfssl | wolfssl | 0, 5.9.0 |
Updated severity to CRITICAL, added affected version 5.9.0, and noted that no exploit is available.
Initial creation
