GHSA-fh2r-99q2-6mmg: 
Rust vulnerability analysis and mitigation

The rustls-webpki package contains a CPU denial of service vulnerability (GHSA-fh2r-99q2-6mmg) in certificate path building functionality. The vulnerability affects versions < 0.100.2 and >= 0.101.0, < 0.101.4, discovered and disclosed on August 22, 2023. When the affected package is given a pathological certificate chain to validate, it will consume CPU time exponential to the number of candidate certificates at each step of path building, impacting both TLS clients and TLS servers that accept client certificates (GitHub Advisory, RustSec Advisory).

The vulnerability stems from unbounded signature verification operations during certificate path building. When processing certificate chains where multiple intermediates have subjects matching a trust anchor, the path building complexity becomes quadratic. The issue was assigned a CVSS v3.0 score of 7.5 (High) with vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network attack vector, low complexity, no privileges required, and high impact on availability (GitHub Advisory, RustSec Advisory).

The vulnerability can lead to CPU denial of service when processing maliciously crafted certificate chains. Both TLS clients and TLS servers accepting client certificates are affected, potentially allowing attackers to cause high CPU usage through exponential signature verification operations (GitHub Advisory).

The vulnerability has been patched in versions 0.100.2 and 0.101.4. The fix implements a maximum signature check limit of 100 signatures for each path building operation, inspired by the approach taken in the Golang x509 package. Users should upgrade to these patched versions to mitigate the vulnerability (GitHub Advisory).