Skip to content

webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic

Moderate severity GitHub Reviewed Published Mar 20, 2026 in rustls/webpki • Updated Mar 23, 2026

Package

cargo rustls-webpki (Rust)

Affected versions

>= 0.101.0, < 0.103.10
>= 0.104.0-alpha.1, < 0.104.0-alpha.5

Patched versions

0.103.10
0.104.0-alpha.5

Description

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored.

The impact was that correct provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates.

This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.)

More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.

References

@ctz ctz published to rustls/webpki Mar 20, 2026
Published to the GitHub Advisory Database Mar 20, 2026
Reviewed Mar 20, 2026
Last updated Mar 23, 2026

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
High
Privileges required
High
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS score

Weaknesses

Improper Check for Certificate Revocation

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-pwjx-qhcg-rvj4

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.