🏆 Trophy case 🏆

This page tracks notable bugs (and vulnerabilities) identified in various X.509 path validators thanks to x509-limbo.

Have you found or fixed an X.509 validation bug thanks to x509-limbo? Help us out by telling us about it!

Legend:

Symbol	Meaning
💀	CVE or other public vulnerability finding
🦺	Public bugfix

GnuTLS

• 💀 CVE-2024-28835: remote crash caused by an OOB memcpy due to a long X.509 chain.

Go (crypto/x509)

• 🦺 CL#561615
• 🦺 CL#562341
• 🦺 CL#562342
• 🦺 CL#562343
• 🦺 CL#562344
• 🦺 CL#562975
• 🦺 CL#585076