Posted on

LibreSSL 2.7.0/2.7.1 x509_vpm.c int_x509_param_set_hosts weak authentication

A vulnerability classified as critical has been found in LibreSSL 2.7.0/2.7.1. Affected is the function int_x509_param_set_hosts in the library lib/libcrypto/x509/x509_vpm.c. Upgrading eliminates this vulnerability. A possible mitigation has been published 6 months after the disclosure of the vulnerability.