漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
X.509 subjectAltName matching bypass in Envoy
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Envoy 信任管理问题漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 存在信任管理问题漏洞,该漏洞源于用于实现默认证书验证例程的 default_validator.cc 实现在处理 subjectAltNames 时存在 type confusion 错误。
CVSS Information
N/A
Vulnerability Type
N/A