VDB
EN

RUSTSEC-2026-0099

Name constraints were accepted for certificates asserting a wildcard name

상세

Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.

This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint. This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).

Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.

This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to [@1seal](https://github.com/1seal) for the report.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

crates.io / rustls-webpki
최초 영향 버전: 0.0.0-0 수정 버전: 0.103.12

Upgrade rustls-webpki to 0.103.12 or newer (ecosystem crates.io).

참고