Ireneusz Pastusiak

**Name of the Vulnerable Software and Affected Versions** Mod gnutls versions prior to 0.12.3 Mod gnutls versions prior to 0.13.0 **Description** Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the certificate chain sent by the client into a fixed size array, `gnutls x509 crt t x509[]`, without checking if the number of certificates exceeds the array size. `gnutls x509 crt t` is a pointer to an opaque GnuTLS structure created using `gnutls x509 crt init()` before importing certificate data. While attacker-controlled data is not written into the stack buffer, writing a pointer after the last array element can trigger a segmentation fault or potentially cause stack corruption. Server configurations that do not use client certificates (`GnuTLSClientVerify ignore`) are not affected. **Recommendations** Mod gnutls versions prior to 0.12.3 should be upgraded to version 0.12.3 or later. Mod gnutls versions prior to 0.13.0 should be upgraded to version 0.13.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mod gnutls versions prior to 0.13.0 **Description** Mod gnutls, a TLS module for Apache HTTPD based on GnuTLS, had an issue where the code for client certificate verification did not validate the key purpose as defined in the Extended Key Usage extension. This could allow an attacker possessing the private key of a valid certificate, issued by a trusted CA for TLS client authentication but intended for a different purpose, to gain unauthorized access to resources requiring TLS client authentication. Server configurations not utilizing client certificates are not affected. The issue does not have a practical impact if dedicated Certificate Authorities (CAs) or sub-CAs are used solely for issuing TLS client certificates. The function `gnutls certificate verify peers()` is involved in the verification process. **Recommendations** Versions prior to 0.13.0 should be updated to version 0.13.0 or later.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Oracle Java SE 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1 Versões do Oracle GraalVM para JDK 17.0.17 e 21.0.9 Versão 21.3.16 do Oracle GraalVM Enterprise Edition **Descrição** Existe uma falha facilmente explorável no Oracle Java SE, no Oracle GraalVM para JDK e no Oracle GraalVM Enterprise Edition. Um atacante não autenticado com acesso à rede, através de múltiplos protocolos, pode comprometer o software. A exploração bem-sucedida pode levar a uma condição de negação de serviço (DoS), causando travamentos ou falhas frequentes. Esta falha afeta principalmente implantações Java que carregam e executam código não confiável dentro de um ambiente sandbox, como aplicações Java Web Start ou applets. Geralmente, não impacta implantações Java no lado do servidor que executam apenas código confiável. **Recomendações** Atualize o Oracle Java SE para uma versão posterior à 25.0.1. Atualize o Oracle GraalVM para JDK para uma versão posterior à 21.0.9. Atualize o Oracle GraalVM Enterprise Edition para uma versão posterior à 21.3.16.