Summary
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack.
Products not listed in the Impact Details section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.
Products Potentially Affected
Impact Details
| OS/Product |
Exposure |
| Extreme Management Center (XMC) |
No |
| ExtremeAnalytics |
No |
| ExtremeCloud IQ |
No |
| ExtremeControl |
No |
| IQ Engine (HiveOS) |
No |
| XIQ-SE |
No |
| BOSS |
No |
| Fabric Engine (VOSS) |
No |
| Switch Engine (EXOS) |
No |
| WiNG |
No |
| Network OS |
No |
| SLX-OS |
No |
Repair Recommendations
None
Please see the full Security Advisory article here for more details.
