DSA-4118-1 tomcat-native -- tomcat-native
ID: oval:org.secpod.oval:def:53256 | Date: (C)2019-04-04 (M)2023-12-20 | Class: PATCH | Family: unix
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library's network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could result in client certificates that should have been rejected being accepted.