Ireneusz Pastusiak

**Name of the Vulnerable Software and Affected Versions** Mod gnutls versions prior to 0.12.3 Mod gnutls versions prior to 0.13.0 **Description** Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the certificate chain sent by the client into a fixed size array, `gnutls x509 crt t x509[]`, without checking if the number of certificates exceeds the array size. `gnutls x509 crt t` is a pointer to an opaque GnuTLS structure created using `gnutls x509 crt init()` before importing certificate data. While attacker-controlled data is not written into the stack buffer, writing a pointer after the last array element can trigger a segmentation fault or potentially cause stack corruption. Server configurations that do not use client certificates (`GnuTLSClientVerify ignore`) are not affected. **Recommendations** Mod gnutls versions prior to 0.12.3 should be upgraded to version 0.12.3 or later. Mod gnutls versions prior to 0.13.0 should be upgraded to version 0.13.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mod gnutls versions prior to 0.13.0 **Description** Mod gnutls, a TLS module for Apache HTTPD based on GnuTLS, had an issue where the code for client certificate verification did not validate the key purpose as defined in the Extended Key Usage extension. This could allow an attacker possessing the private key of a valid certificate, issued by a trusted CA for TLS client authentication but intended for a different purpose, to gain unauthorized access to resources requiring TLS client authentication. Server configurations not utilizing client certificates are not affected. The issue does not have a practical impact if dedicated Certificate Authorities (CAs) or sub-CAs are used solely for issuing TLS client certificates. The function `gnutls certificate verify peers()` is involved in the verification process. **Recommendations** Versions prior to 0.13.0 should be updated to version 0.13.0 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1 Oracle GraalVM for JDK versions 17.0.17 and 21.0.9 Oracle GraalVM Enterprise Edition version 21.3.16 **Description** An easily exploitable issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access, through multiple protocols, can compromise the software. Successful exploitation may lead to a denial-of-service (DOS) condition, causing a hang or frequent crashes. This issue primarily affects Java deployments that load and execute untrusted code within a sandbox environment, such as Java Web Start applications or applets. It does not typically impact server-side Java deployments running only trusted code. **Recommendations** Update Oracle Java SE to a version later than 25.0.1. Update Oracle GraalVM for JDK to a version later than 21.0.9. Update Oracle GraalVM Enterprise Edition to a version later than 21.3.16.