Issued

March 15, 2017

Package

security-framework (crates.io)

Type

Vulnerability

Aliases

• CVE-2017-18588

Details

https://github.com/sfackler/rust-security-framework/pull/27

CVSS

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Patched

• >=0.1.12

Keywords

• mitm

Description

If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate.

This issue was fixed by properly configuring the trust evaluation logic to perform that check.

More

• Advisory History
• Edit Advisory