HSEC-2023-0006

See a problem?

Import Source

https://github.com/haskell/security-advisories/blob/generated/osv-export/2023/HSEC-2023-0006.json

JSON Data

https://api.osv.dev/v1/vulns/HSEC-2023-0006

Published

2023-07-19T13:59:54Z

Modified

2025-07-27T20:43:28.848121Z

Summary

x509-validation does not enforce pathLenConstraint

Details

x509-validation does not enforce pathLenConstraint

x509-validation prior to version 1.4.8 did not enforce the pathLenConstraint value. Constrained CAs could accidentally (or deliberately) issue CAs below the maximum depth and x509-validation would accept certificates issued by the unauthorised intermediate CAs.

Database specific

{
    "osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
    "home": "https://haskell.github.io/security-advisories",
    "repository": "https://github.com/haskell/security-advisories"
}

References

https://github.com/haskell-tls/hs-certificate/commit/06d15dbbc53739314760d8504ca764000770e46e

Affected packages

Hackage / x509-validation

Package

Name: x509-validation
Purl: pkg:hackage/x509-validation

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.4.0

Fixed

1.4.8

Affected versions

1.*

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

Database specific

{
    "human_link": "https://haskell.github.io/security-advisories/advisory/HSEC-2023-0006.html",
    "osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2023/HSEC-2023-0006.json"
}