GHSA-8qv2-5vq6-g2g7: 
Rust vulnerability analysis and mitigation

The webpki crate (version <= 0.22.1) contains a CPU denial of service vulnerability in its certificate path building functionality. The vulnerability was discovered and reported on August 22, 2023, and affects both TLS clients and TLS servers that accept client certificates. When presented with a pathological certificate chain for validation, the system would experience exponential CPU time consumption relative to the number of candidate certificates at each path-building step (GitHub Advisory, RustSec Advisory).

The vulnerability has been assigned a CVSS v3.0 score of 7.5 (High), with a vector string of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue stems from the certificate path validation process where the crate would perform an unbounded number of signature validations when processing certificate chains. The vulnerability specifically manifests when the set of intermediates all have subjects matching a trust anchor, leading to quadratic complexity in pathbuilding (GitHub Commit).

The vulnerability primarily affects system availability through excessive CPU consumption. When exploited, it can lead to a denial of service condition by forcing the system to perform an exponential number of signature validation operations during certificate chain validation. The vulnerability has no direct impact on system confidentiality or integrity (RustSec Advisory).

The vulnerability has been patched in webpki version 0.22.2, which implements a maximum signature check limit of 100 signatures during pathbuilding, similar to the approach taken in the Golang x509 package. Users are advised to upgrade to this version or later. Additionally, rustls-webpki, a fork of this crate, contains the fix and is actively maintained (GitHub Advisory).