PT-2018-18749 · Openssl+1 · Libressl+1

Christian Heimes · Published 2018-03-24 · Updated 2024-06-15 · CVE-2018-8970

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

LibreSSL version 2.7.0

Description

The issue arises from the int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c, which fails to handle the special case of a zero name length. As a result, hostname verification is silently omitted, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Recommendations

For LibreSSL version 2.7.0, update to version 2.7.1 to resolve the issue.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2018-8970
OPENSUSE-SU-2018_2597-1
OPENSUSE-SU-2024:10985-1

Affected Products

LibreSSL
SUSE