
Cloud Vulnerability DB
A community-led vulnerabilities database
Botan, a C++ cryptography library, was found to have a vulnerability (CVE-2024-34702) in its X.509 certificate name constraints processing. Prior to versions 3.5.0 and 2.19.5, checking name constraints in X.509 certificates was quadratic in the number of names and name constraints. The vulnerability was discovered and reported by Bing Shi (GitHub Advisory).
The root cause is how name constraints were matched: every name in the end-entity certificate's SubjectAlternativeName was compared against every name constraint in the issuing CA, so the work grows with the product of the two counts. An attacker can exploit this by presenting a certificate chain in which the leaf carries a very large SubjectAlternativeName and is signed by a CA certificate carrying a large number of name constraints. In proof-of-concept testing, a certificate containing 32K domain names signed by a certificate with 32K name constraints took several minutes to verify (GitHub Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) (NVD).
The vulnerability could allow an attacker to cause a denial of service condition by forcing the system to spend excessive time processing certificate name constraints. This could affect any application that relies on processing or verifying X.509 certificates, including almost all uses of TLS (GitHub Advisory).
The issue has been fixed in Botan 3.5.0 and 2.19.5 through several changes: the signature chain is verified before any other parameters are checked, so a chain that is not signed by a trusted issuer is rejected before the expensive name-constraint matching runs; name-constraint processing and SubjectAlternativeName parsing have been optimized; and a limit is now enforced on the product of the number of names and the number of name constraints (2^20 in v3.5.0, 2^12 in v2.19.5). As a workaround on unpatched systems, applications can reject certificates carrying an excessive number of name constraints (for example, more than 128) before handing the chain to the verifier (GitHub Advisory).
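The following is an added example, not Botan's own code, that models the two points above in plain C++: a simplified RFC 5280 dNSName constraint matcher (permitted and excluded subtrees only, no IP or email constraints) that shows why the check is quadratic, a budget gate on names × constraints in the spirit of the 3.5.0 limit, and the advisory's workaround of refusing certificates with more than 128 constraints. The function and type names, the subtree matching rules and the sample inputs are all assumptions made for illustration.

```cpp
// Added example (not Botan code): simplified dNSName constraint checking with the
// size gate and the pre-verification workaround the advisory describes.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

struct NameConstraints {
    std::vector<std::string> permitted;   // permittedSubtrees (dNSName only)
    std::vector<std::string> excluded;    // excludedSubtrees (dNSName only)
};

// Lower-case and drop a single leading '.' so ".example.com" and "example.com"
// denote the same subtree.
std::string normalize_dns(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!s.empty() && s[0] == '.') s.erase(0, 1);
    return s;
}

// RFC 5280 4.2.1.10 (simplified): subtree "example.com" matches "example.com" and
// any host ending in ".example.com". The label boundary matters: "ample.com" must
// not match "example.com", and "example.com.evil" is outside the subtree.
bool dns_in_subtree(const std::string& host, const std::string& subtree) {
    const std::string h = normalize_dns(host), s = normalize_dns(subtree);
    if (s.empty()) return true;           // empty subtree matches everything
    if (h == s) return true;
    if (h.size() <= s.size()) return false;
    return h.compare(h.size() - s.size(), s.size(), s) == 0 &&
           h[h.size() - s.size() - 1] == '.';
}

enum class Verdict { Accepted, RejectedByConstraint, RejectedByBudget };

// Matching every SAN against every subtree costs O(|names| * |constraints|): this
// is the quadratic behaviour behind CVE-2024-34702, which is why a cheap size gate
// runs before the loops. product_limit mirrors Botan 3.5.0's 2^20 cap (assumed
// semantics: reject when names * constraints exceeds the limit).
Verdict check_name_constraints(const std::vector<std::string>& san_dns,
                               const NameConstraints& nc,
                               std::size_t product_limit) {
    const std::size_t n_constraints = nc.permitted.size() + nc.excluded.size();
    // Overflow-safe form of: san_dns.size() * n_constraints > product_limit
    if (n_constraints != 0 && san_dns.size() > product_limit / n_constraints)
        return Verdict::RejectedByBudget;

    for (const auto& name : san_dns) {
        for (const auto& ex : nc.excluded)
            if (dns_in_subtree(name, ex)) return Verdict::RejectedByConstraint;
        if (!nc.permitted.empty()) {
            bool permitted = false;
            for (const auto& p : nc.permitted)
                if (dns_in_subtree(name, p)) { permitted = true; break; }
            if (!permitted) return Verdict::RejectedByConstraint;
        }
    }
    return Verdict::Accepted;
}

// Workaround for unpatched Botan: refuse a CA certificate carrying more than
// max_constraints name constraints before the chain ever reaches the verifier.
bool reject_excessive_constraints(const NameConstraints& nc,
                                  std::size_t max_constraints = 128) {
    return nc.permitted.size() + nc.excluded.size() > max_constraints;
}

int main() {
    // Constructed sample: a CA limited to example.com, excluding internal.example.com.
    NameConstraints nc;
    nc.permitted = {"example.com"};
    nc.excluded  = {"internal.example.com"};
    const std::size_t limit = std::size_t{1} << 20;
    return check_name_constraints({"www.example.com"}, nc, limit) == Verdict::Accepted ? 0 : 1;
}
```

In a real deployment the gate and the workaround sit in front of the library call: count the constraints on the issuing CA and the SAN entries on the leaf after parsing but before path validation, and fail closed when either budget is blown. The patched versions also verify the signature chain first, so an attacker would additionally need the malicious leaf to be signed by a CA the verifier already trusts.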
Source: This report was generated using AI